Audits, Attacks and False Positives