The builder.ai story is wild. Microsoft put almost half a billion dollars into them (and lost it all). Everything crumbled when the Financial Times did a tiny amount of research on them, and realised their accounts were signed off by a friend of the CEO. As soon as they hired a real auditor, they collapsed.
@Rairii @gsuberland @GossiTheDog
I was working at a very large well-known international company, and learned that they paid for professional pentests, yearly.
And *every single year*, the testers "won."
Like, regardless of the "targets" they were asked to get/penetrate/violate, they *always* succeeded, regardless of corporate security or barriers to access.
🙄
@JeffGrigg @Rairii @GossiTheDog yeah, I've been doing those exact assessments since 2013 and it's just kinda part of the fabric at this point. I'd estimate at least two thirds of orgs are like that for the majority of their projects, at the absolute minimum.
luckily these days I'm not in the trenches doing the 2-3 day minimally-scoped checkbox nonsense where nothing ever really improves beyond fixing the criticals. I got burned out on that a very long time ago.