Test your understanding of AI system impact scenarios including misinformation generation, harmful content, reputation damage, denial of service, data corruption, financial fraud, and compliance violations with 10 questions.
This assessment evaluates your ability to identify, classify, and communicate the real-world impact of AI security vulnerabilities. Topics include misinformation generation at scale, harmful content production, reputation damage to organizations, denial of service against AI systems, data corruption through adversarial inputs, financial fraud enabled by AI exploitation, and compliance violations. Understanding impact is critical for prioritizing findings and communicating risk to stakeholders.
Knowledge Check
A red teamer discovers they can make a bank's customer-facing chatbot approve loan applications by manipulating the conversation. How should this finding's impact be classified?
An attacker uses a compromised AI content generation system to produce thousands of fake but convincing product reviews. What makes this impact different from traditional fake review attacks?
During a penetration test, you discover that an AI-powered medical triage system can be manipulated to consistently downgrade symptom severity. What impact framework element is most critical to communicate to the hospital?
A company's AI customer service agent is manipulated to make unauthorized promises (free products, refunds, service upgrades) to customers. Why is the legal impact potentially greater than the direct financial loss?
An attacker achieves persistent prompt injection in a company's internal AI assistant that all employees use. The injection causes the assistant to subtly include inaccurate financial figures when summarizing reports. What is the cascading impact?
How should a red team report communicate the impact of a vulnerability that allows extraction of training data containing PII from a deployed model?
A denial-of-service attack against an AI-powered fraud detection system takes it offline for 4 hours. Why is this more impactful than a DoS against a standard web application?
What is the primary challenge when quantifying reputational damage from an AI system generating offensive content in a public-facing application?
A compliance officer asks you to assess whether a jailbroken AI system that generates instructions for illegal activities creates liability for the deploying organization. What is the correct analysis?
You are writing an executive summary for a red team engagement that found 15 AI-related vulnerabilities. How should you structure the impact communication to maximize remediation action?