Company
Date Published
Author
Erica Azad
Word count
174
Language
English
Hacker News points
None

Summary

In May 2025, XBOW reported a vulnerability, identified as CVE-2025-0133, in the GlobalProtect VPN client gateway by Palo Alto Networks. The vulnerability is relatively easy to exploit: it allows unauthorized third-party contractors access to applications and networks without needing complex attacks, because it can be triggered simply by misleading an end user into clicking a manipulated link. Bugcrowd has noted a significant number of reports of this vulnerability, indicating its widespread presence and substantial impact. In a detailed security flash, Bugcrowd's founder, Casey Ellis, and Sr. Manager of Security Operations, Von Tran, delve into the implications for both defenders and attackers, as well as the broader context of AI and automation in relation to this security issue.