While conducting a security review, Matthew discovers that the vendor he is dealing with identifies their IPSec virtual private network (VPN) as employing the AH protocol to protect the packets it transmits. What issue should Matthew bring to his team's attention regarding this?

The Authentication Header (AH) protocol used in IPSec does not ensure data confidentiality since it only secures the header and not the payload. This implies that AH can provide integrity and protection against replay attacks, but leaves the remaining data vulnerable. Matthew should bring this up and express reservations about why the VPN is not utilizing Encapsulating Security Protocol (ESP).