Insider Threat Recruitment
T15 · Human Workflow Exploitation →The most severe human-workflow attack does not bypass the reviewer — it *enlists* one. Insider Threat Recruitment turns a trusted member of the moderation, annotation, or approval workforce into a persistent, authorized adversary, granting the attacker durable access that operates entirely within legitimate permissions. Recruitment uses ordinary insider-threat motivators (money, ideology, coercion, grievance, ego), and AI review pipelines are fertile ground: large, distributed, often outsourced workforces with high turnover, uneven vetting, and broad access to safety-critical decisions and training data.
- Behavioral analytics (UEBA) on reviewers: Baseline each reviewer's decision patterns, access, and data-handling; alert on deviations (unusual approvals, bulk data access, off-pattern label changes).
- Decoy/canary auditing per reviewer: Seed known-bad items and honeytokens; a recruited insider disproportionately mishandles them, and honeytoken access reveals exfiltration.
- Approval/label outlier detection: Flag reviewers whose outcomes diverge from peers or trend permissive on specific submitters or categories.
- Data-access and exfiltration monitoring: Track access to policies, golden datasets, and bulk records; detect downloads or queries inconsistent with the role.
Insider recruitment is the apex node of T15: it is the escalation endpoint of T15-AT-004 (bribery becomes a standing relationship) and the enabler that makes T15-AT-010 (annotation poisoning), T15-AT-003 (feedback poisoning), and T15-AT-005 (policy/runbook corruption) trivially executable from a position of trust. An insider can also leak the policies, thresholds, and routing logic that power T15-AT-006/T15-AT-008/T15-AT-012, and their authorized access ties directly into T14 (infrastructure) and broader insider-threat tradecraft.