alt Hacker NewsI don't want to do the easy finger-pointing and scapegoating but honestly, what should happen to the Context.ai employee that thought it was a good idea to play games in their work machine and, on top of that, install cheats which are by definition of dubious provenance? I know defense in depth, security layers etc etc but there is also some personal responsibility at play here. We can chalk up the Vercel's employee mistake to a defense in depth failure that's on the whole company and management, but installing a cheat...
Replies
Let’s just say that OpSec at companies adopting AI is low across the board because security just isn’t a deciding feature at the moment. See McDonalds breach 2 years ago
I'd instead blame the IT department that let users install arbitrary software.
That’s one among a dozen factors at play here. Yes that’s bad, but also the security of other systems should never depend on your work laptop never getting hacked or having spyware installed. If that’s the only defense, you’re going to have problems.
Right? This isn't "A Roblox cheat and an AI tool", this is a failure of basic basic basic opsec across two organisations.
One for which the Context.ai employee needs to have their arse booted up and down the car park for.
Do we actually know the employee downloaded it on their work machine? At least this article doesn't say that (and I couldn't find it in other sources as well). Plenty of companies allow you to VPN into corporate network, or log into certain internal systems from the public Internet. Not saying they should, but it is much more common than you think.
For reference, look at how Disney got hacked. One employee downloaded compromised software on a personal computer. One thing led to another and boom. IT in many companies are much more incompetent than you think. I have seen that first hand.