System/application providers are increasingly being held liable for exploited potential security vulnerabilities in systems/applications. The exploits can result in, among other things, theft/loss of data, release of confidential/secure data, exposure of personally identifiable information (PII), use of a system/application to further additional malicious activities, and damage to the reputation or business of the system/application provider and or entities (e.g., an individual, business organization, religious organization, team, club, and the like) connected with affected data. A growing problem is the exploitation of systems/applications by an “insider” to an entity; that is a member of an entity considered a trusted individual with varying degrees of authority/privilege over particular systems/applications (e.g., with valid credentials) or someone impersonating a trusted individual (e.g., with stolen or faked credentials). The insider can use their credentials to perform malicious acts in the system/application at varying levels (e.g., higher-level transactions or lower-level session-based activities) and can be very hard to detect as the credentials used are (or appear to be) valid under normal security reviews.