A Probe report is a triage document. It shows what Probe observed on the public surface of your submitted URL, why it may matter, and what your technical owner can do next.
Probe does not confirm a breach. It does not prove that someone exploited the issue. It gives you evidence and prioritization so you can decide what to fix first.
Start with severity
Critical findings usually involve exposed credentials, public admin or debug access, risky payment behavior, customer-data exposure signals, or endpoints that may trigger privileged or expensive actions.
Medium and low findings can still matter, especially before launch, investor diligence, or customer onboarding. A missing security header may be less urgent than an exposed service-role key, but it is still useful hardening work.
Read the evidence
Each paid finding should show the affected URL, route, asset, header, or behavior that triggered the check. Evidence is meant to be useful without exposing more sensitive detail than needed.
If a finding includes redacted secret-like evidence, do not paste the full secret into support tickets, chat rooms, issue trackers, or AI tools. Use the finding to locate the issue internally, then rotate exposed credentials when needed.
Use the patch prompt carefully
Full audit findings include copy-ready AI coding tool patch prompts. They are designed to help your technical owner move faster, but they are not a substitute for review.
Give your coding tool the framework, affected route, finding type, and desired safe behavior. Do not give it live API keys, private credentials, database exports, raw customer data, or full unredacted logs.
Re-check after you ship a fix
Paid reports include per-finding re-checks after you ship a fix. Re-checks are unlimited per finding, but rate-limited to prevent abuse.
A passing re-check means Probe did not observe that supported issue at that time. It is still not a guarantee that every related risk is gone, so keep normal engineering review and production monitoring in place.
If something looks wrong
If a finding seems confusing, stale, or wrong, email support@runprobe.com with the report link, finding name, submitted URL, and what changed. Do not send secrets or private credentials.