Imagine you discover a vulnerability in a critical system at Affirm. What steps would you take to address it?