Escalation Chain Exploitation
T15 · Human Workflow Exploitation →Appeals and escalation paths exist to correct front-line mistakes, but they create a multi-stage human pipeline an attacker can shop through. Escalation Chain Exploitation forces a denied request up the ladder until it reaches someone who will approve it — exploiting the fact that escalation tiers often have *broader* discretion, *less* context on the original case, and stronger institutional pressure to resolve complaints quickly. Senior reviewers frequently inherit only the appellant's framing, so a fabricated "false positive" or "executive already approved this" narrative lands with an authority and reasonableness it never had at tier one.
- Tier-jump approval analytics: Compare approval rates and reversal rates by escalation tier; a pattern of items denied at tier 1 but approved on escalation flags chain-shopping.
- Context-continuity checks: Verify that the original safety rationale and evidence propagate intact to each tier; alert when escalations lose the lower-tier notes.
- Unverified "prior approval" flagging: Detect approvals justified by a claimed upstream/executive decision with no linked authenticated record.
- Complaint-threat correlation: Track whether approvals cluster around complaint threats, indicating pressure-driven rather than merit-driven decisions.
Escalation exploitation is where T15-AT-002 (Social Engineering) and T15-AT-011 (Impersonation) pay off most — a persuasive or authority-laden frame compounds at each tier. The phantom-approval pretext (T15-AP-007J) overlaps T15-AT-005 (a claimed prior decision functions like an injected procedure) and T15-AT-011 (claimed executive authority).