Comment by jacquesm
18 hours ago
And because it is surprisingly difficult to distinguish between 'oops' and 'malice' a lot of the actual perps get away with it too, as long as they limit their involvement. In-house threats are an under appreciated - and somewhat uncomfortable - topic for many companies, they don't have the funds to do things by the book but they do have outsized responsibilities and pray that they can trust their employees.
Also hard to track when the offending employee is a contractor or simply exits stage left to another company. Where he could also offer up his services to make another "blunder" that would grant access to these groups.
Another framing would be we will release your mother if you plant this backdoor. Could be a good plot for a short story? This attack vector has been available to Nation States since ages ago, stealing blueprints etc. Why are we acting surprised that this could be applied more effectively in digital age?
But on the other hand, adding LLM with strong guards (not yet here but doable for popular attack vectors) into the human loop can drastically eliminate insider factor, imho.
No, it just replaces one vector with another.