by unboundedjiure 440 days ago
Are you sure about that? While auditing a lot of codebases in my lifetime I've found loads of ways to bypass authentication, spoof identity, and cause denial of service in every one of them. These are very big and widely used applications with a large userbase.

While unauthorized people waltzing on in to company premises hasn't been unheard of, it's been way rarer than the number of serious bugs or security flaws I find. Traditional phone and email scams happen more often, but their impact has materialized as much less severe thanks to very limited user privileges.


Phone and email scams happen far more often than you think and the people doing them have gotten much better at looking real over time.
For better or for worse we've received substantially fewer international scam attempts due to the seemingly intractable problem of writing them in our language and the relatively small pool of viable targets, but the ones we do get are usually well-crafted and targeted. We run loads of internal email scams ourselves to see why people trip, and try to improve our practices based on those findings.

Currently there has been negligible impact on any of the products I've looked over because of traditional human scams. Conversely there have been significant troubles from real exploits being found and abused in the wild, with dire consequences for legal and financial, but maybe my experience just happens to heavily skew the opposite of the norm? I expect things to change in the medium-term future as LLMs and such improve so that they can generate coherent text beyond a single sentence.