To be very clear — I was specifically responding to "social engineering won't work on a human security expert". It can, and has. People are not infallible, and a "that would never happen to me" mindset (1) gets people phished when they think they're too smart for it and (2) is a pet peeve of mine and so sometimes I can't resist pointing that out.

Largely agree with you otherwise, not sure why you read my comment as mental gymnastics to justify LLMs. I don't think that they have an internal emotional state that can feel rushed, panicked, so on. They do — superficially — "respond" to such cues in language, which is why they can be "threatened" [0] and "flattered" [1]. But without an internal theory of mind, LLMs do this sycophantically without any internal model of the world (hence the quotes above, to avoid fully anthropomorphizing their behavior).

The only parallel I'm drawing is that both humans and LLMs can be coerced into unintended behavior via language ("social engineering" and "prompt jailbreaking" respectively), and those attacks are more effective if an attacker is allowed to control more "context", even if the underlying mechanism of why those attacks work is completely different.

[0] https://arxiv.org/pdf/2507.21133

[1] https://arstechnica.com/science/2025/09/these-psychological-...