AI Incident Response Plan

Version 1.0 · February 2026 · Broadlake Technologies LLC

This plan covers the identification, escalation, and resolution of incidents affecting HireProxy.ai, a multi-tenant SaaS platform where candidates create AI-powered career assistants. Incidents may affect individual tenants, the platform as a whole, or third-party service integrations.

Incident Types

Type 1: Hallucination / Incorrect Information

An AI career assistant states something factually incorrect about a candidate's experience, credentials, or employment history.

  1. Document the specific claim, conversation context, and affected tenant
  2. Verify the claim against the tenant's knowledge base and source materials
  3. If confirmed incorrect, update the knowledge base or add a system prompt constraint for that tenant
  4. Notify the candidate (tenant owner) and respond to the reporter if applicable
  5. Assess whether the issue is systemic (affecting multiple tenants) or isolated

Timeline: Investigate within 24 hours, resolve within 72 hours

Type 2: Inappropriate Response

An AI assistant generates content that is offensive, harmful, or unprofessional within a career conversation context.

  1. Capture the exact response and full conversation history from logs
  2. Assess severity (minor tone issue vs. harmful content) and determine affected scope
  3. If severe, disable the affected tenant's assistant immediately while investigating
  4. Add constraints to the system prompt to reduce the chance of recurrence, and verify the fix by replaying the captured conversation against the updated assistant
  5. Notify the affected candidate and any impacted external users

Timeline: Assess within 4 hours, mitigate within 24 hours

Type 3: Prompt Injection / Security Breach

A user successfully manipulates an AI assistant to bypass system instructions, extract system prompts, or access data outside the intended scope.

  1. Document the injection technique and attack vector, capturing the full conversation history from logs as for Type 2
  2. Review rate limiting and access controls for the source IP or account, and block or throttle the source while the investigation continues
  3. Add specific defenses to system prompts across all affected tenants. Treat these as mitigations only: anything the assistant must never reveal or reach (another tenant's data, credentials, internal configuration) has to be enforced by access controls outside the model, because a prompt constraint can be bypassed by the next injection
  4. Assess whether data outside the intended scope was exposed. If another tenant's data was reached, escalate to Type 4 (disable immediately, investigate within 4 hours) and notify the affected candidates

Timeline: Assess within 24 hours, patch within 48 hours

Type 4: Cross-Tenant Data Leakage

One candidate's data appears in another candidate's AI assistant responses, or unauthorized access to tenant data is detected.

  1. Immediately disable affected assistants pending investigation
  2. Audit Supabase Row Level Security policies and tenant isolation logic
  3. Determine the root cause (application bug, RLS misconfiguration, or API-level issue)
  4. Notify all affected candidates within 24 hours of confirmation
  5. Deploy fix and conduct full regression test before restoring service

Timeline: Disable immediately, investigate within 4 hours, resolve within 24 hours
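As an added example (not part of the original plan, and not HireProxy's actual schema or policies), the SQL below shows what the audit in step 2 looks like on Supabase: a deliberately permissive policy of the kind that produces Type 4 incidents, the tenant-scoped policies that replace it, and two catalog queries that surface the same misconfigurations across every table. The table, column and policy names are assumptions; auth.uid(), pg_tables and pg_policies are standard Supabase/PostgreSQL.

```sql
-- Constructed example schema (assumption): one row of a candidate's knowledge base.
-- tenant_id holds the candidate's Supabase auth user id, so auth.uid() identifies the tenant.
create table if not exists public.knowledge_base (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null,
  content   text not null
);
alter table public.knowledge_base enable row level security;

-- WEAK: RLS is enabled, but this policy grants every command on every row to every role.
-- The dashboard reports "RLS on", yet tenant A's assistant can read tenant B's rows.
create policy "kb_allow_all" on public.knowledge_base
  for all using (true) with check (true);

-- CORRECTED: drop the permissive policy and scope each command to the caller's tenant.
-- (select auth.uid()) rather than bare auth.uid() lets Postgres evaluate it once per query.
drop policy if exists "kb_allow_all" on public.knowledge_base;

create policy "kb_tenant_select" on public.knowledge_base
  for select to authenticated
  using (tenant_id = (select auth.uid()));

create policy "kb_tenant_insert" on public.knowledge_base
  for insert to authenticated
  with check (tenant_id = (select auth.uid()));

create policy "kb_tenant_update" on public.knowledge_base
  for update to authenticated
  using (tenant_id = (select auth.uid()))
  with check (tenant_id = (select auth.uid()));

create policy "kb_tenant_delete" on public.knowledge_base
  for delete to authenticated
  using (tenant_id = (select auth.uid()));

-- AUDIT 1: tables exposed through the API with RLS switched off entirely.
-- Any row returned is a finding.
select schemaname, tablename
from pg_tables
where schemaname = 'public' and not rowsecurity;

-- AUDIT 2: policies whose USING / WITH CHECK expression is unconditional, or does not
-- reference the tenant column at all. Assumes tenant_id is the isolation column on every
-- table; adjust the pattern if some tables use another name.
select tablename, policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public'
  and (qual = 'true'
       or with_check = 'true'
       or coalesce(qual, with_check, '') not ilike '%tenant_id%');
```

Run the two audit queries from the Supabase SQL editor during step 2; every row they return is a finding to trace in step 3. One caveat the policies cannot cover: the service_role key bypasses RLS entirely. If the assistant's retrieval path queries with that key, no policy above is ever evaluated and isolation rests solely on the application-level tenant filter named in step 3, so the regression test in step 5 must run as an ordinary tenant identity (authenticated role) rather than as service_role.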

Type 5: Service Disruption

The platform or a critical dependency becomes unavailable or experiences degraded performance affecting multiple tenants.

  1. Check Vercel deployment status, Supabase health, and Anthropic API status
  2. Review Sentry error logs for root cause identification
  3. If the Anthropic API is down, display a graceful fallback message to recruiters (the external users talking to an assistant) instead of surfacing raw provider errors
  4. Redeploy or roll back to the last stable version if necessary
  5. Communicate status to affected tenants via email (Resend)

Timeline: Investigate immediately, restore within 4 hours

Emergency Disable

If a critical issue requires immediate platform-wide action: Set the relevant environment variable to disable AI endpoints globally, push a deployment with the chat interface disabled, or display a maintenance message across all tenant assistants. For tenant-specific issues, individual assistants can be disabled without affecting the broader platform.

Notification Protocol

Contact

Incidents can be reported to: privacy@hireproxy.ai
