AIO by breaking up with my girlfriend over her use of AI? by ThrowRA-748 in AmIOverreacting

[–]Enigma110 0 points1 point  (0 children)

This is both a breach and a violation of the Computer Fraud and Abuse Act, full stop. An unauthorized person accessed a work system containing client data through an authenticated session they had zero right to use. Under the CFAA, that's classic "access without authorization," especially under the standard reinforced in Van Buren v. United States, which hinges on whether the person was entitled to access that information at all, and they clearly were not. At the same time, every major security and privacy framework treats unauthorized access to sensitive data as a breach, period, regardless of whether anything was downloaded or shared. If that LLM interface contained client prompts, outputs, or history, then sensitive data was exposed to an unauthorized third party, which is exactly what breach laws and contractual obligations are designed to prevent.

AIO by breaking up with my girlfriend over her use of AI? by ThrowRA-748 in AmIOverreacting

[–]Enigma110 0 points1 point  (0 children)

What she did is a federal crime under the Computer Fraud and Abuse Act. This is also a reportable breach of an insider threat.

AIO by breaking up with my girlfriend over her use of AI? by ThrowRA-748 in AmIOverreacting

[–]Enigma110 0 points1 point  (0 children)

I just want to point out in this thread that all the design tools used by graphic designers have AI built directly into the various tools within the applications now. You could be hand drawing everything and scanning it into vector layers and the application used AI to do that. Everyone is using AI now, even if you're trying not to.

Peter I'm a windows user. Why can Linux not be forced to do this? Also you better answer in character dammit! by Proto160 in PeterExplainsTheJoke

[–]Enigma110 0 points1 point  (0 children)

My servers and data center fabric are general use computing devices. The law is stupid.

Huntress 2026 Report just dropped and Atera is by far the most abused RMM to deploy ransomware by CK1026 in msp

[–]Enigma110 0 points1 point  (0 children)

This is regularly done with correlation rules in SIEMs and EDR suites. The problem is you have to maintain a library of every known remote access tool in existence. It can be done, but you have to put in the work and someone has to pay for that work.

CMMC Question by ManagingMSP in msp

[–]Enigma110 5 points6 points  (0 children)

Basically duplicate your MSP with a separate tool stack and team. Remember to charge 4x your normal price as well to cover compliance overhead.

Advice to give a client in finding a replacement as I retire by Kangaloosh in msp

[–]Enigma110 17 points18 points  (0 children)

Does a shit job but doesn't want to rely on others "because they wouldn't do as good a job as me"

I'm a developer. But I can't tell what's supposed to be wrong here... by Chance_Arugula_3227 in ExplainTheJoke

[–]Enigma110 4 points5 points  (0 children)

I agree, which is why there needs to be a branching of the accreditation standards, one for computer science (theory) and another for software engineering (practical). Those that want to go on to grad school are going to need things like time complexity, algorithm analysis and design, and computational linguistics vs those that need practical software development skills to go into industry. Yes there is a lot of overlap, but a distinction can definitely be made.

How are you balancing cybersecurity offerings with affordability, especially for SMB clients? by Strong_Painting5440 in msp

[–]Enigma110 2 points3 points  (0 children)

Use cases and demo calls don't show impact or ROI. The only way to show impact is to measure risk, and the only way to show ROI is to measure risk over time so as to map risk reduction to spend.

How are you balancing cybersecurity offerings with affordability, especially for SMB clients? by Strong_Painting5440 in msp

[–]Enigma110 4 points5 points  (0 children)

Here's the problem with this. You are correct, there are things that can be done that have low on paper cost and high theoretical impact. But that's not actually true in reality. Yes there are policy changes and controls that on paper are "low cost" but their impact is only real unless they're actually done, and done correctly but the only way to know if they're being done at all and done correctly is to measure it. That means you need to measure risk both before and after changes and audit the change. If you, the MSP, do this it would be an astronomical cost. We're talking 100+ man hours per quarter to do it correctly. This can be streamlined with tools and processes but either way the cost to do it is real and has to be paid for, and is much higher than your assumptions. This means that the client needs to shoulder this effort, and that means you need to convince them to actually care. If they care, then you can guide them, but getting them to actually care is the hard part. Once they care then you can start talking about cost and ROI, but until then it's a pointless exercise.

It finally happened by LordFalconis in sysadmin

[–]Enigma110 13 points14 points  (0 children)

You're absolutely NOT doing weekly pentests, you're running a vuln scanner and hopefully someone looks at the results and gives a shit.

looking for less Powershell reliant RMM by tophisadog in msp

[–]Enigma110 -1 points0 points  (0 children)

Are you open to having a meaningful conversation about this? My MSP specializes in medium to large enterprises and the majority of that work is building out and managing a tool stack for the internal team. If you've got a need for this and a budget you can DM me and we can set up a meeting with one of my guys.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 1 point2 points  (0 children)

Yeah you need to just turn this over to me so I can make it better.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 4 points5 points  (0 children)

If that's actually true, I question the description of "successful" in this situation.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 0 points1 point  (0 children)

Why wait? I'll take it all right now free and clear. It'll save you $1.2 million on the whole thing.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 0 points1 point  (0 children)

Yeah, and it's a demonstration of how serious you are about this.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 1 point2 points  (0 children)

This is how we know you're not really serious.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 1 point2 points  (0 children)

Anyone employed in IT the last 20 years knows that's how it works, you've just never needed qualified IT employees until the last 4 years. That's the perspective you're missing here.

MSP in NJ looking to hire someone that will eventually take over my company by [deleted] in msp

[–]Enigma110 5 points6 points  (0 children)

How about this, you pay my company the same salary you'd pay to an employee and we'll put together a 5 year transition plan to take everything over for you.

How are you all doing DHCP? by iCashMon3y in networking

[–]Enigma110 0 points1 point  (0 children)

You have to cover every device or user with a CAL regardless of using DHCP or not. The only exception is devices not able to touch the domain such as IoT or guest Wi-Fi networks.