During a penetration test, a tester inadvertently scans the wrong network, potentially leading to legal ramifications. What is the MOST appropriate course of action?

Multiple Choice

Explanation:
Escalation and incident response are essential when a tester discovers they’ve scanned a network outside the agreed scope. Notifying the team leader promptly triggers the proper risk assessment, keeps actions aligned with the authorization, and ensures legal and contractual considerations are handled before any further steps are taken. The team leader can decide whether to halt activity, inform the client per the engagement’s procedures, or involve legal/compliance, all while maintaining documentation and chain of custody. This minimizes additional risk and preserves accountability, avoiding uncoordinated actions that could worsen legal exposure. Continuing to scan or bypassing internal protocols could deepen the problem, while escalating first ensures the right people respond and communications with the client are managed appropriately.
