The other review focuses on the never-advance potential of a 4/3 agenda. I've been looking at Vulnerabilty Audit from a different point of view, though: from the point of view of a deck that scores it "normally" (IA, AAA score).
5/3 agendas are typically only played if they can protect themselves somehow. We have a few forms of protection:
- Agendas that protect themselves in the centrals / while not installed, e.g. The Future Perfect;
- Agendas that protect themselves only while installed, e.g. City Works Project;
- Agendas that protect themselves in both places, e.g. Obokata Protocol;
- Agendas that have reduced value when stolen, e.g. Global Food Initiative;
- Agendas with on-steal triggers that retroactively protect them, e.g. Bacterial Programming.
Self-protecting 5/3s are played all over the place nowadays, because some of them are really good; however, agendas that protect themselves in the centrals are often played in kill decks (which aren't looking to score), and agendas that protect themselves while installed are often played in glacier decks (which have well-protected centrals and where the Runner might be looking to make a few pinpoint runs to raid your scoring remote).
Vulnerability Audit is not, of course, a self-protecting 5/3; it doesn't have any text that protects itself, and it isn't a 5/3. However, in practice, it plays a lot like a City Works Project. The reason is that when you install it and advance it, unlike a 5/3, you have an extra click (and less importantly, an extra credit) left over, and you can use that click to, e.g. play an operation. In other words, the agenda doesn't protect itself when installed; but it buys time for you to protect it when it's installed, by taking one click less to advance into scoring range.
For example, a good combo is with NAPD Cordon. A Bellona costs 5 to steal, and is generally considered to be one of the better agendas at protecting itself. If you install and advance a Vulnerability Audit, and play NAPD Cordon, your freshly installed agenda is now going to cost 6 to steal, and as a bonus any agendas the Runner may access in your central servers will cost 4 to steal. Bellona is a good card; but if you are running NAPD Cordon (and can protect HQ to stop the runner trashing it), Vulnerability Audit compares favourably.
Similar considerations apply to other lockdown cards, e.g. combining Vulnerability Audit with Argus Crackdown gives you most of a City Works Project, while Hyoubu Precog Manifold gives you a Future Perfect that works while installed rather than while uninstalled.
Vulnerability Audit has more flexibility than that, though. Say you're playing a hybrid rush/glacier deck (which I suspect is the best place to play this agenda), and get a Vulnerability Audit in your opening hand, together with a Vanilla or similarly cheap piece of gearcheck ICE. If it had been a 5/3, you would have had to leave it in your hand, and either ICE HQ in order to prevent it being stolen (slowing down your gameplan), or else ICE a remote and hope it doesn't get stolen before you can score it, or else ICE a remote and park it unadvanced in the remote and hope the Runner doesn't find a way in in the next two turns and you don't draw a second agenda before then. With a 4/3, you can simply install, ICE it, advance, and be in position to score it next turn. 5/3s are normally unplayable in rush decks, but 4/3s can hold their own; that one extra click you get means that you aren't losing tempo.
Or, perhaps, say you're playing the same deck, but draw your 4/3 a little later in the game; you now have plenty of ICE protecting your scoring server, but can't afford to rez it. A spare click to play an economy operation can make all the difference between having to leave it vulnerable in HQ, or having to give the Runner two turns to steal it from the remote (or one but with insufficient ICE).
This card does have one huge downside, though: it does absolutely nothing to protect itself when it's sitting uninstalled in a central server, so you're running the risk of having 3 points stolen with no compensation. In my experience, if your deck is fast enough, this doesn't matter that much; the Runner will get a few agenda snipes but you will still win first. It does somewhat narrow the decks that you can put your Vulnerability Audit in, though.
(It also costs a dot of influence, but that's minor by comparison, and expected among neutral agendas like Global Food Initiative or Vanity Project that reduce your agenda density. This is a three-point agenda, after all, and thus the mere act of putting it in your deck will open up deck slots. Being able to pack in additional in-faction and neutral cards is often a good trade-off for being able to run fewer out-of-faction cards.)
In conclusion, Vulnerability Audit is an agenda for "fast glacier decks" or glacier/rush hybrid decks, that aim to score out before the Runner can consistently break their ICE, and run lockdowns and similar cards in order to protect their 4/x agendas and open scoring windows through the midgame. It doesn't directly protect itself, but it does buy you the time needed to protect it some other way via saving time advancing it. Just be aware that it will weaken your central servers considerably, and you will need either the ICE to keep the Runner out of them, or else the speed to score out despite having your agendas sniped, in order to make that drawback manageable.
Nice review = )
— valerian32