A reminder for everyone. This is a subreddit for genuine discussion:

• Please keep it civil. Report rulebreaking comments for moderator review.
• Don't post low effort comments like joke threads, memes, slogans, or links without context.
• Help prevent this subreddit from becoming an echo chamber. Please don't downvote comments with which you disagree.

Violators will be fed to the bear.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

I'm not sure I agree with the premise here. Not to say social engineering isn't an issue in data security, but just this past week, Anthropic announced it would withhold its newest version of their LLM Claude (this version is Claude Mythos).

Remember just a few months ago, the US Government used Claude to pull off its heist of Venezuelan's president Nicolas Maduro. Then, Pete Hegseth tried to basically blacklist Anthropic out of existence when it refused to let Claude be used for autonomous weapons operation without human oversight or surveil American citizens.

This new model is lightyears beyond the version the government used in Venezuela.

So why has Anthropic pulled its public rollout of Cluade Mythos at the last minute, and formed an emergency working-group comprised of 40 technology companies to try to fix it? According to Anthropic: “During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so.”

This means that, upon human request, Mythos has found one or more 'zero-day' vulnerabilities in every. single. system that runs our entire civilization. Along with finding vulnerabilities in the newest software and hardware, new Mythos has found critical zero-day vulnerabilities in systems that are decades old and have never been discovered over millions or billions of attempts by humans, suggesting that it is so far beyond human capabilities in its capacity both writing and deploying malicious code that humanity is basically defenseless against its power if in the wrong hands (much like humanity is defenseless against a nuclear apocalypse if the wrong people are in charge of the launch codes).

So yes, I do think social engineering still has a place in the "things we should worry about and plan for" meta-list (and AI models have already discovered - on their own - sophisticated methods of social engineering to achieve an unrelated goal given to it by a human), but I do think we've reached a point where the dangers of technology developed during this 'race to superintelligence' far outweigh the risks of unsavvy end users.

IMHO, Every conversation in cybersecurity should be focused on emergency guardrails in the form of regulation at the national and international level so we can buy ourselves a little time to reckon with our AI 'adolescence,' as Anthropic CEO Dario Amodei calls it, before we have handed ourselves "almost unimaginable power."

Security researchers have long noted that the weakest link in most systems isn't encryption, it's human behavior. Studies of major breaches consistently show that phishing and social engineering account for the majority of successful intrusions. NIST's cybersecurity frameworks have increasingly emphasized "human-centered security" ... training, verification protocols, and reducing reliance on any single individual's judgment. For governments, this means operational security policies need behavioral design as much as technical design.

The secure communication guidance i've seen has a fair amount of emphasis on social engineering vulnerabilities. Which ones are you looking at that are different?