If something feels wrong, report it. A false alarm costs almost nothing; a missed real one is much worse.
How to report
| Severity | How |
|---|
| Active emergency (suspected attack, ransomware, data exfiltration in progress) | File the Security Incident intake form — the form has Better Stack on-call integration and pages the security on-call automatically — AND email security@neuroscale.ai. |
| Non-urgent (suspicious email, lost device, weird behavior, policy violation) | Email security@neuroscale.ai or post in #security-incidents. |
| Vulnerability disclosure (security researchers, internal staff with a finding) | File the Vulnerability intake form. |
What to include
Be a good witness. Include:
- What you observed.
- When — date and time, including time zone.
- Where — system, URL, device.
- Who — accounts involved (if known).
- Evidence — screenshots, headers, links (don’t click suspicious links — copy them as text).
What happens next
The Security team triages and assigns a severity per the Incident Response Plan. You’ll get acknowledgement within 1 business hour during working hours, or as soon as on-call is paged outside working hours via the Better Stack incident-reporting form for active emergencies.
You will not get in trouble for reporting in good faith — even if it turns out to be nothing. Retaliation against good-faith reporters is itself a policy violation, see Whistleblower.
Phishing
If you receive a suspicious email:
- Don’t click links or open attachments.
- Don’t reply.
- Report it via the “Report Phishing” button in Outlook AND forward to security@neuroscale.ai.
- Delete the email after reporting.
Lost device
If your laptop, phone, or auth token is lost or stolen, see Lost or stolen device immediately.
Version history
| Version | Date | Description | Author | Approved by |
|---|
| 1.0 | May 8, 2026 | Initial version | Cameron Wolfe | Ishan Jadhwani |
