So how long until exploit toolkits include plugins for fully automated xz-backdoor-style social engineering and project takeover?