On Sat, Jun 14, 2025 at 5:01 PM Greg Maxwell <gmaxwell@gmail.com> wrote:
> On Sat, Jun 14, 2025 at 11:50 PM Sanket Kanjalkar <sanket1729@gmail.com> wrote:
> > Do you mean arbitrary output address that is unknown at commitment time? Otherwise, I think the current CTV vault does allow abort/allowing from "stage area" to "hot area" or abort to "rescue area". While general purpose recursive vaults will allow funds back into same "cold area", I think it is possible to also move funds back into same back under the same cold keys with a bounded recursion CTV provides.
>
> Moving funds back to the initial key that the attacker already has demonstrated the ability to release from doesn't seem useful to me. -- though that is a thing the presigned example I gave doesn't do.
>
> > Finally, on the usefulness of vaults; based on my own observation of all the hacks (bitcoin and wider crypto), in most cases it is not the key that is stolen but rather the authorization process or UI/UX hacks or something else up the signing stack is compromised. Having reactive security to "undo" feels valuable in this scenario.
>
> Is there an example of a hack that has been defeated by one? It would be interesting to see the exact workflow.

I presume in this case any rational attacker will not attempt something like this until they know they can succeed. A weaker argument here might be that this setup by itself would discourage attackers from attempting to continue :). I can try to look up examples for defeated hacks, but they might be hard to find.

> If the scheme is just released into a 'hot area' and the hot area keys have the power to send the coins anywhere, presumably the attacker will attack the hot area keys and wait for funds to be moved there and instantly sweep once they're there. If the hot area keys are presumed secure, then they can be multisig on the release from 'cold'.

Any amount of money that you move in a hot wallet can be stolen. The point here would be to limit the theft exposure, for example, you never have more than X BTC in hot wallets. I agree that this might be awkward to do in practice with CTV vaults because you have to move the entire UTXO into "hot area" in order to send change back. Having a powerful vault primitive helps avoid this issue with change amounts. But in case of CTV, this can be somewhat mitigated with careful UTXO management.

When moving larger amounts across wallets, you would move them in increments of X BTC one by one limiting exposure.


--
Sanket Kanjalkar
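As an added illustration of why a CTV vault has to move the whole UTXO into the hot area (example code written for this thread, not Sanket's or Greg's), the BIP-119 template hash below commits to the exact output amounts and scripts of the spending transaction, so a transaction that releases only part of the staged amount and sends change back to cold hashes differently and cannot satisfy a vault script committed to the full release. The scriptPubKeys, fee and unvault delay are constructed placeholders.

```python
# Added example, not from the thread: BIP-119 DefaultCheckTemplateVerifyHash for a
# one-input transaction with an empty scriptSig (segwit/taproot spend), used to
# show what a CTV vault's staged output actually commits to.
import hashlib
import struct

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def compact_size(n: int) -> bytes:
    # Bitcoin CompactSize varint; the placeholder scripts here are well under 0xFD bytes.
    assert n < 0xFD
    return bytes([n])

def ctv_template_hash(outputs, sequence=0xFFFFFFFF, version=2, locktime=0):
    """Hash checked by OP_CHECKTEMPLATEVERIFY: version, locktime, input count,
    hash of nSequences, output count, hash of serialized outputs, input index.
    outputs: list of (amount_sats, scriptPubKey bytes)."""
    r = struct.pack("<i", version) + struct.pack("<I", locktime)
    # The scriptSig hash is only appended when some scriptSig is non-empty; none here.
    r += struct.pack("<I", 1)                  # one input
    r += sha256(struct.pack("<I", sequence))   # nSequence of that input
    r += struct.pack("<I", len(outputs))
    r += sha256(b"".join(struct.pack("<q", amt) + compact_size(len(spk)) + spk
                         for amt, spk in outputs))
    r += struct.pack("<I", 0)                  # index of the input being spent
    return sha256(r)

# Constructed placeholder P2TR-shaped scripts (not real keys), fee and delay.
HOT_SPK = b"\x51\x20" + b"\x11" * 32
COLD_SPK = b"\x51\x20" + b"\x22" * 32
RESCUE_SPK = b"\x51\x20" + b"\x33" * 32
FEE_SATS = 1_000
UNVAULT_DELAY_BLOCKS = 144

def stage_templates(vault_sats):
    """The two templates a staged vault output of vault_sats is locked to:
    release everything to hot after the delay, or abort everything to rescue."""
    to_hot = ctv_template_hash([(vault_sats - FEE_SATS, HOT_SPK)], sequence=UNVAULT_DELAY_BLOCKS)
    to_rescue = ctv_template_hash([(vault_sats - FEE_SATS, RESCUE_SPK)])
    return to_hot, to_rescue

def partial_release_template(vault_sats, hot_sats):
    """'hot_sats to hot, change back to cold': a different template from
    stage_templates()[0], so the full-release vault script rejects it. The whole
    UTXO moves, which is why sizing each vault UTXO at X BTC bounds the exposure."""
    outputs = [(hot_sats, HOT_SPK), (vault_sats - hot_sats - FEE_SATS, COLD_SPK)]
    return ctv_template_hash(outputs, sequence=UNVAULT_DELAY_BLOCKS)
```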

To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAExE9c8Gs0toXmv-T3QrBBz9oDPT77VyvByiTL5fE37GOSo2xw%40mail.gmail.com.