"Tell me about a time you discovered a serious application security weakness that others were treating as a quick filter or tooling problem, but you believed needed a deeper fix. How did you communicate the risk, align the right people, and drive a permanent resolution when the path forward was still unclear?"
