# Security Findings - Verify API keys in .env files are not hardcoded or leaked in history. - detections_history.json might leak PII if not properly protected or if stored in public storage. - Ensure lert_routing.py doesn't expose sensitive info to unauthorized webhooks.