Implicit trust is the assumption that users, devices, or applications are trustworthy because of their location, previous authentication, or network membership, without continuous verification.
Problems with implicit trust:
- Lateral movement: Once inside, attackers can move freely across the network
- Privilege escalation: Compromised accounts can access resources beyond their need
- Persistent threats: Attackers can maintain long-term access without detection
- Insider threats: Malicious or compromised insiders exploit trusted access
Example scenario:
An employee authenticates to the corporate VPN and gains access to the entire internal network. If their credentials are compromised, an attacker inherits the same broad access without additional verification, potentially accessing sensitive databases, file shares, and applications across the organization.
Zero-Trust addresses this by requiring continuous authentication and authorization for every resource access attempt.
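
The VPN scenario above, as an added example that is not part of the original page: the same four requests are evaluated once by a perimeter check (source address in the VPN pool) and once by a per-request policy. The address pool, user, device IDs, entitlements and the 900-second re-authentication window are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

VPN_POOL = ipaddress.ip_network("10.8.0.0/16")   # constructed VPN address pool
ENTITLEMENTS = {"alice": {"wiki", "hr-portal"}}   # constructed: resources each user needs
ENROLLED_DEVICES = {"alice": {"laptop-7f3"}}      # constructed: devices bound to each user
MAX_AUTH_AGE_S = 900                              # assumed re-authentication window

@dataclass(frozen=True)
class Request:
    user: str
    src_ip: str
    resource: str
    device_id: str          # device presenting the credential
    device_compliant: bool  # posture reported for that device
    auth_age_s: int         # seconds since the last strong authentication

def implicit_trust_allows(req):
    """Perimeter model: anything arriving from the VPN pool is trusted."""
    return ipaddress.ip_address(req.src_ip) in VPN_POOL

def zero_trust_decision(req):
    """Evaluate each request on device, posture, entitlement and freshness."""
    if req.device_id not in ENROLLED_DEVICES.get(req.user, set()):
        return (False, "unknown device")
    if not req.device_compliant:
        return (False, "device not compliant")
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return (False, "not entitled")
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return (False, "re-authentication required")
    return (True, "allowed")

def compare(requests):
    """Return (resource, implicit verdict, zero-trust verdict, reason) per request."""
    return [(r.resource, implicit_trust_allows(r), *zero_trust_decision(r))
            for r in requests]

# Constructed sample requests, all arriving over the VPN with valid credentials.
SAMPLE = [
    Request("alice", "10.8.4.20", "wiki", "laptop-7f3", True, 120),        # normal use
    Request("alice", "10.8.9.77", "payroll-db", "unknown-1", False, 30),   # compromised credentials
    Request("alice", "10.8.4.20", "payroll-db", "laptop-7f3", True, 120),  # access beyond need
    Request("alice", "10.8.4.20", "hr-portal", "laptop-7f3", True, 7200),  # stale session
]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The perimeter check allows all four requests because they share a VPN source address; the per-request policy allows only the first and records a reason for each denial.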