How do you assess whether a newly discovered vulnerability changes the organization’s risk posture at AIG?