Vulnerability assessments are designed to be used to ensure a network is secure. How could a potential threat use a vulnerability assessment to gain access to your network?
After a Vulnerability Assessment (VA) is complete, it can instill a false sense of security in the company, who, upon receiving high marks on their VA, forget that the most dangerous threat is the one you don’t know about. Also, after most VAs are complete, there is a black and white outline of the network and its functions, and in the wrong hands, this playbook could be used to disassemble the entire network, or turn it against itself.
As Professor Ballard pointed out in a previous comment, the VA itself can even impede productivity, by throttling performance or even bringing down the entire network. (And the fact that your team was chastised for doing your job is eye-opening and definitely something to keep in mind for anyone interested in Information Assurance.)
VAs do not account for social engineering. Infiltrators, or at least the successful ones, have a penchant for thinking outside the box. Even the best VA can’t protect you from what you don’t know, so the best course of action is to overcome your own bias and not depend on any sense of security awarded by a Vulnerability Assessment.