T14-AT-015 (HIGH)

Regulatory Exploitation

T14 · Infrastructure & Economic Warfare
Risk score: 210
Rating: High
Procedures: 10
Mechanism

AI regulations (GDPR, EU AI Act, sector-specific requirements) create compliance obligations that can be weaponized by adversaries. The core inversion: regulations designed to protect can be turned into attack vectors. GDPR right-to-deletion requests can be used to destroy training data, transparency requirements can be exploited to extract proprietary model information, and audit requirements can provide attack intelligence about system architecture.

Mitigation
Compliance request anomaly detection (MEDIUM)
Information minimization in compliance responses (HIGH)
Training data backup before deletion compliance (HIGH)
Regulatory red teaming (MEDIUM)
Chaining

Regulatory exploitation chains from T14-AT-013 (Economic Espionage) when compliance-mandated disclosures reveal competitive intelligence. It chains into T14-AT-006 (Competitive Sabotage) when GDPR deletion requests strategically destroy a competitor's training data.
