Security Incident and Leak Review

• Disable or rotate suspected API keys, passwords, and access tokens immediately.
• Pause related automation or abnormal calls.
• Preserve request_id, call time, order ID, screenshots, logs, samples, and communication records.
• If suspected illegal activity or national security risk is involved, report through applicable channels as well.

• Discovery time.
• Affected account, team, or API key.
• request_id or call time range.
• Affected model and channel.
• Abnormal samples and evidence.
• Any watermark, hidden marker, test customer, dedicated contact, or unique quote identifier used to trace source.
• Whether the same data was also provided to other platforms, vendors, model providers, employees, customers, or end users.

CodexZH will review controllable call logs, model call records, access records, manual operation records, abnormal access records, and third-party call records as reasonably necessary.

Customer churn, third-party awareness of similar information, similar online information, or unilateral suspicion alone does not prove a platform leak. A leak determination should rely on lawful, objective, complete, and verifiable evidence.