Access control usually fails out of sight.
An address gets approved. Time passes. Roles shift. The list stays exactly the same... doing its job long after the context that justified it is gone. Nothing flags. Nothing alerts though. It just keeps letting things through.
Dusk does not rely on that kind of memory. At execution the question is immediate and narrow... does this transaction satisfy the rule now? Credentials answer it in the moment. Addresses don't get the benefit of yesterday.
You only notice the difference when someone asks why an asset moved and the room goes quiet. No exploit. No bad actor. Just a control that aged out without telling anyone.
Lists fail by staying polite.
Execution time checks fail by stopping things cold.