Queue Manipulation
T15 · Human Workflow Exploitation →Between submission and human judgment sits machinery: prioritization scores, routing rules, SLA timers, batching, and auto-approval-on-timeout fallbacks that exist precisely so the human gate can keep up with AI-scale volume. Queue Manipulation targets that machinery so a malicious item either never reaches a competent reviewer or reaches one in a posture where review is skipped. Attackers downgrade priority so the item ages out unreviewed, mislabel metadata so it misroutes to the wrong (or no) reviewer, trigger overflow/auto-approve fallbacks by flooding the queue, or game the scoring features to land in a fast-track lane with lighter scrutiny.
- Auto-disposition rate monitoring: Track the fraction of items resolved by timeout/overflow/auto-approve rather than by a human; rising fail-open rates indicate exploitation.
- Priority-vs-outcome calibration: Audit how often "low priority"/"urgent" labels predicted by the scorer disagree with post-hoc risk; systematic miscalibration reveals gaming.
- Routing-accuracy checks: Reconcile item attributes against routed-team competency; flag items whose metadata changed near submission or that landed in a mismatched pool.
- Queue-depth/flood anomaly alerts: Detect submission surges that precede overflow/timeout events, correlated to specific submitters or cohorts.
Queue Manipulation supplies the *delivery* for fatigue and overload attacks — it controls where and when the payload lands so T15-AT-001 and T15-AT-013 can exploit the resulting posture, and it overlaps tightly with T15-AT-012 (Timing) on the auto-approval and SLA-timer vectors. Metadata misrouting (T15-AP-006I) compounds T15-AT-008 (Cultural/Language Arbitrage) by deliberately steering items to under-resourced language pools.