Hack back or active defense—depending on how each is defined—and everything in between involves both lawful and unlawful activities, each carrying significant business and professional risks. These risks include deceptive practices, misattribution, and escalation. Advocating for a risk-based approach to lawful active defense tactics might seem obvious, yet employing certain active defense strategies, particularly where misattribution is a risk, can stray from this approach. Additionally, as of now, legislative reform that would grant a qualified privilege to hack back appears unlikely. Such a privilege would require proving both proper intent and accurate attribution, which poses considerable challenges. However, the tools, technologies, partnerships, and information-sharing mechanisms among corporations, governments, vendors, and trade associations are promising. They have already shown effectiveness and continue to improve steadily.