We characterize the capabilities of one-run privacy auditing and its inherent limitations and present new approaches to mitigate them.