1. In AWS Bedrock, what information does the guardrail trace output reveal that is valuable to a red team?

2. What makes Bedrock Knowledge Base exploitation different from attacking a standalone RAG system?

3. In Azure OpenAI, what is the security significance of the 'in_scope' parameter in On Your Data configurations?

4. Why is Vertex AI's per-request safety setting configuration a security risk?

5. What is the SSRF risk specific to Vertex AI Extensions with Code Interpreter?

6. What is the security implication of Azure OpenAI's Prompt Flow using Jinja2 templates?

7. What makes the 'Cognitive Services OpenAI Contributor' Azure RBAC role particularly dangerous from a red team perspective?

8. In multi-cloud AI deployments, what is the primary risk of using different cloud providers for model hosting and data storage?

9. What CloudTrail event characteristics indicate that Bedrock guardrail bypass testing is occurring?

10. What is the risk of Vertex AI Feature Store containing sensitive features, and how does this differ from traditional database access control?

11. What distinguishes a Bedrock Agent action group exploit from a simple prompt injection against a Bedrock model?

12. Why should red teams test model customization (fine-tuning) configurations in Bedrock even when the application only uses the fine-tuned model for inference?

13. In Azure OpenAI, what detection evasion technique is most effective against Azure Monitor-based alerting?

14. What is the security risk of GCP service account keys used for Vertex AI, compared to Workload Identity?

15. When reporting cloud AI findings, how should severity be adjusted for findings that span multiple cloud layers?