At a glance
Security brief
- Report suspected vulnerabilities through support with "Security" in the subject and enough detail to reproduce safely.
- Do not test against servers you do not own, disrupt service, extract data, modify data, or publicly disclose a report before review.
- Panda uses tenant-scoped queries, audited privileged changes, verified webhooks, server-side payment checks, and deployment secret management.
01
Security contact
Report suspected vulnerabilities through the support page with "Security" in the subject. Include reproduction steps, affected guild or account IDs if relevant, and whether any data was accessed.
Do not test against servers you do not own or operate. Do not extract, modify, delete, or disclose data while investigating.
02
Safe testing rules
Good-faith testing must avoid service disruption, persistence, social engineering, spam, credential theft, destructive actions, and access to data belonging to other servers or accounts.
If you encounter private data, stop testing, avoid further access, preserve only the minimum evidence needed to explain impact, and report through support.
03
Controls
Panda keeps Discord tokens, managed AI keys, search keys, Solana RPC credentials, and billing secrets in the deployment secret manager.
Repository queries are tenant-scoped by guild, privileged changes are audited, Discord webhooks are verified and idempotent, SOL payment signatures are verified server-side, and paid provider-spend paths check entitlements before work begins.
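Two of the controls listed above, tenant scoping by guild and verified, idempotent webhook handling, are shown in this added example; it is illustrative code, not Panda's implementation, and it assumes an HMAC-SHA256 signature over the raw body plus a per-delivery ID, with a constructed in-memory table in place of a real database.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample rows, not Panda's real schema.
NOTES = [
    {"id": 1, "guild_id": "g-111", "text": "alpha"},
    {"id": 2, "guild_id": "g-222", "text": "beta"},
]


class TenantScopeError(Exception):
    """Raised when a repository call is made without a guild scope."""


def get_note(guild_id: str, note_id: int) -> Optional[dict]:
    """Tenant-scoped lookup: the guild filter is mandatory, so a note ID
    that belongs to another guild resolves to None instead of leaking."""
    if not guild_id:
        raise TenantScopeError("guild_id is required for every query")
    for row in NOTES:
        if row["guild_id"] == guild_id and row["id"] == note_id:
            return dict(row)
    return None


def sign(secret: bytes, body: bytes) -> str:
    """Assumed signing scheme: hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


@dataclass
class WebhookProcessor:
    secret: bytes
    seen: set = field(default_factory=set)      # delivery IDs already applied
    applied: list = field(default_factory=list)  # bodies that changed state

    def handle(self, delivery_id: str, body: bytes, signature_hex: str) -> str:
        # Verify before any state change; constant-time compare avoids timing leaks.
        if not hmac.compare_digest(sign(self.secret, body), signature_hex):
            return "rejected"
        # Idempotency: a redelivered event is acknowledged but not re-applied.
        if delivery_id in self.seen:
            return "duplicate"
        self.seen.add(delivery_id)
        self.applied.append(body)
        return "applied"
```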
04
Disclosure handling
Panda triages reports by severity, reproducibility, exploitability, customer impact, and whether secrets, billing state, or server content are at risk.
Fixes may include code changes, configuration changes, key rotation, entitlement review, database corrections, customer notice, or temporary feature restrictions.
05
Abuse response
Panda can disable affected guilds, drain background work, suspend billing entitlements, revoke trial credits, rotate secrets, restore from backup, and preserve audit logs during an investigation.
Confirmed abuse may lead to account restrictions, blocked future installs, support escalation, or additional owner verification before service is restored.
Next step: Need a paper trail?
Support can route verified billing, privacy, security, export, deletion, and setup requests to the right owner context.