That’s basically the entire cybersecurity industry. Companies buy these tools as a kind of blast door for when things go wrong, to point a finger at. “We followed all the checklists and our security software didn’t catch it, it’s not our fault.”
If companies cared about security they would hire red teams instead of paying for useless scanners with a <1% signal-to-noise ratio.
That’s not just cyber security; that’s part of the reason many service/support contracts tend to exist: the whole CYA finger-pointing by externalizing the responsibility.
Ultimately you end up having to clean up the mess afterwards either way, but at least there’s a paper trail of responsibility passing to CYA.