Help article

What to do if Probe found something critical

A critical Probe finding means Probe observed a public-surface condition that needs fast human review. It does not prove a breach, confirm exploitation, or know whether anyone else saw the issue.

Move quickly, keep the report private, and involve the person who can safely change production.

First steps

Open the full finding and identify the affected URL, route, asset, or behavior.

Limit sharing to the founder, CTO, on-call engineer, or responsible technical owner.

If the finding involves a key or token, rotate it before assuming removal is enough.

If a debug, admin, payment, or model endpoint is public, restrict it or disable it safely.

Redeploy from a clean configuration.

Use the paid report re-check after the fix ships.

Common critical scenarios

If Probe reports a service-role key, Stripe secret, AI service token, or similar secret in public browser code, rotate the credential in the provider dashboard immediately. Then move privileged logic to server-only code and redeploy.

If Probe reports a public admin or debug surface, confirm whether the route should exist in production. Internal tools should usually require authentication, be removed, or be protected at the infrastructure layer.

If Probe reports a Stripe webhook signature issue, make sure the webhook handler verifies the Stripe-Signature header with Stripe's official library before trusting any field in the event body.
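As an added illustration of that check (example code, not Probe's or Stripe's own; in production call the official library, for instance stripe.Webhook.construct_event in stripe-python, rather than hand-rolling this), here is what the verification does under the hood. The secret, body and timestamp below are constructed placeholders, and the 300-second tolerance matches the library default.

```python
import hashlib
import hmac
import json
import time
# Added example, not Probe's or Stripe's code. It mirrors what Stripe's official
# libraries check: Stripe-Signature carries "t=<unix ts>,v1=<hex>", the HMAC-SHA256
# of "<t>.<raw body>" keyed with the endpoint signing secret, within a time window.
TOLERANCE_SECONDS = 300  # Stripe's libraries default to a 5-minute window

def sign_payload(secret, timestamp, raw_body):
    signed = f"{timestamp}.".encode() + raw_body
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()

def parse_signature_header(header):
    """Split "t=...,v1=...,v1=..." into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1" and value:
            signatures.append(value)
    if timestamp is None or not signatures:
        raise ValueError("malformed Stripe-Signature header")
    return timestamp, signatures

def verify_stripe_signature(raw_body, header, secret, now=None):
    # raw_body must be the exact received bytes; re-serialised JSON will not match.
    try:
        timestamp, signatures = parse_signature_header(header)
    except ValueError:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False  # replayed or stale event
    expected = sign_payload(secret, timestamp, raw_body)
    # compare_digest avoids timing leaks; several v1 values appear during secret rotation
    return any(hmac.compare_digest(expected, sig) for sig in signatures)

def handle_webhook(raw_body, header, secret, now=None):
    if not verify_stripe_signature(raw_body, header, secret, now=now):
        return 400, "invalid signature"
    event = json.loads(raw_body)  # only a verified body's fields are trusted
    return 200, event.get("type")

SAMPLE_SECRET = "whsec_PLACEHOLDER_not_a_real_secret"  # constructed placeholder
SAMPLE_BODY = b'{"id":"evt_sample_1","type":"checkout.session.completed"}'  # constructed
SAMPLE_TIME = 1_700_000_000
SAMPLE_HEADER = f"t={SAMPLE_TIME},v1={sign_payload(SAMPLE_SECRET, SAMPLE_TIME, SAMPLE_BODY)}"
```

A handler that parses the JSON first and checks the signature later, or that re-serialises the parsed object before hashing, is the usual way this check silently fails.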

If Probe reports a model or admin endpoint exposure, check whether an unauthenticated request can trigger expensive or privileged actions. Add authentication, authorization, rate limits, and usage controls as needed.

Use AI coding tools safely

Your AI coding tool can help draft fixes when you give it scoped, sanitized context. Share the finding type, affected route, framework, and desired behavior.

Do not paste live API keys, passwords, database exports, private customer data, or unredacted report screenshots into AI tools.

When to contact Probe

Email support@runprobe.com if the finding is unclear, appears stale, or you need help interpreting what Probe observed. Include the report link, finding name, submitted URL, and what changed.

Probe support can explain product behavior and scan evidence. Your team remains responsible for production fixes, incident response, customer communication, and legal review.