The majority of security risks are human problems not software problems. The software does exactly what you tell it to do and humans do exactly what they want to do. Both of these things can be exploited.

Supply chain attacks are very common where a tiny little library that everyone depends on but no one pays attention to gets taken over by a hacker and they push a change that makes everyone vulnerable. This is an example of both a human and software problem.

The human side is where people get lazy, or have a desire for something (money, pleasure, etc), or fear something (getting fired, getting arrested, etc) and you use that to gain information or access. This is called social engineering. You play on these human flaws to convince people to give you access.

The software part is no matter how many people you have looking at something there will always be some patch that got missed or some obscure bug that no one knows about. AI is being used by security researchers today to find many vulnerabilities in one of the most viewed and safest pieces of software: the Linux kernel. AI is finding bugs by the hundreds every week. Some of these are pretty obvious stuff no one thought about.