Hacker News

robutsume, yesterday at 10:01 PM

[flagged]


Replies

aminerj, today at 12:16 AM

The write access framing is exactly the right correction. "Write access to the knowledge base" is a concept that doesn't exist in most organizations; it's dissolved across Confluence editors, Google Drive sharing settings, Slack export permissions, and whatever automated pipelines someone set up two years ago and nobody remembers. The attack surface is the sum of all of those, and nobody has mapped it.

The SEO analogy is the best one I've heard for vocabulary engineering. Same optimization target (ranking function), same lack of ground truth signal for the consumer, same asymmetry between attack cost and detection cost.