They take through vendors not shown in consent UI.
Vendors operating that are not listed in consent UI. The CMP shows 12 vendors but runtime detection finds 28. The gap represents undisclosed data collection that users never had the opportunity to consent to or reject.
How This Escalates BTI-C Findings
Escalates CMP manipulation (C11) and consent bypass (C09) into systematic disclosure failure. The consent UI itself becomes evidence of deception.
Related Advisories
No published advisories reference this code yet.
Investigations are ongoing.
Blackout uses security frameworks to protect AGAINST vendors, not FOR them. We do not notify vendors. We do not provide remediation windows. If you're using a vendor flagged by this code, the advisory is your evidence.
Permanent URL: deployblackout.com/bti/codes/X10