CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy.
An attacker who had previously compromised a VPC could have used this as a stealthy data exfiltration method, smuggling data through the user agent field of denied requests.
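
As an added example (not part of the original advisory), a resource owner reviewing their own trail could look for the pattern described above: denied calls through a VPC endpoint whose `userAgent` carries an encoded-looking payload. The thresholds, the `errorCode` match and the sample records are assumptions constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# Assumed thresholds for this sketch; tune them against your own baseline.
MAX_UA_LEN = 256      # longest userAgent treated as normal
MIN_ENTROPY = 4.0     # bits per character; hex tops out at 4.0, base64 at 6.0
TOKEN = re.compile(r"[A-Za-z0-9+/_=-]{40,}")   # long unbroken encoded-looking run
DENIED = re.compile(r"denied|unauthorized", re.I)

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def suspicious_denials(records):
    """Return (eventID, reason) for denied VPC-endpoint calls with an odd userAgent."""
    hits = []
    for r in records:
        # Only denied calls that arrived through a VPC endpoint are of interest.
        if not r.get("vpcEndpointId") or not DENIED.search(r.get("errorCode", "")):
            continue
        ua = r.get("userAgent", "")
        if len(ua) > MAX_UA_LEN:
            hits.append((r["eventID"], "oversized userAgent"))
        elif any(entropy(t) >= MIN_ENTROPY for t in TOKEN.findall(ua)):
            hits.append((r["eventID"], "high-entropy token in userAgent"))
    return hits

# Constructed sample records (not real events); the blob stands in for smuggled data.
BLOB = base64.b64encode(bytes(range(48))).decode()
SAMPLE = [
    {"eventID": "ev-1", "errorCode": "AccessDenied", "vpcEndpointId": "vpce-EXAMPLE",
     "userAgent": "Boto3/1.34.0 Python/3.11.6 Linux/5.10"},
    {"eventID": "ev-2", "errorCode": "AccessDenied", "vpcEndpointId": "vpce-EXAMPLE",
     "userAgent": "Boto3/1.34.0 " + BLOB},
    {"eventID": "ev-3", "vpcEndpointId": "vpce-EXAMPLE",   # call succeeded
     "userAgent": "Boto3/1.34.0 " + BLOB},
    {"eventID": "ev-4", "errorCode": "AccessDenied", "vpcEndpointId": "vpce-EXAMPLE",
     "userAgent": "x" * 300},
]

if __name__ == "__main__":
    for event_id, reason in suspicious_denials(SAMPLE):
        print(event_id, reason)
```

Only the denied events are flagged; the successful call with the same blob (`ev-3`) is skipped because this check targets the denied-request channel specifically.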