Intent-Code Divergence
Medium
- Confidence
- 88% confidence
- Finding
- The feature combines employee OSINT collection, attacker-perspective profiling, and phishing-template generation while relying only on a textual restriction to 'authorized assets'. That creates a real dual-use risk: an operator could target individuals beyond legitimate internal testing, and the document does not define enforceable authorization, consent, or anti-abuse controls.
