A friend thinks you can answer this question about AI Code Generation Policy
An engineer accidentally pasted a customer's API credentials into Cursor while debugging. The credentials are now in OpenAI's logs. What does your policy need to address PROACTIVELY?