[Gokenstein]

Incentive for a company to say "No" when the FBI offers to "fix" the problem quietly either by going up the chain of command internally to get answers and stop a blown attack on a US owned and operated business or use contacts within the US security infrastructure to stop the foreign criminal or state adversary.

Most of these attacks never leave the room at corporate HQ where they are discovered unless an engineer wants to permanently screw themselves out of a career.

I once tried to leave a linkedin recommendation for a friend I'd worked with on a high profile project where he discovered Chinese state actors performing corporate espionage and we stopped it. The FBI came in and carted off the servers, we switched data centers, re-deployed, and that was that. We would never have been the wiser if he weren't closely monitoring network characteristics. 3 years and 2 job changes later he messaged me back to say, "Thank you for the rec. but don't mention that shit!"