diff --git a/.jules/sentinel.md b/.jules/sentinel.md
index f07ab16..049a86c 100644
--- a/.jules/sentinel.md
+++ b/.jules/sentinel.md
@@ -7,3 +7,8 @@
 **Vulnerability:** Not a direct security vulnerability, but an environmental instability. The `requirements.txt` allowed `mistralai>=1.1.0`, which pulled in version 2.x.
 **Learning:** MistralAI 2.x introduces breaking changes in the client import structure (`from mistralai import Mistral` fails if not using the new client correctly or if expecting the old one). This caused the entire application (including security tests) to fail on startup.
 **Prevention:** Pin critical dependencies like `mistralai==1.1.0` in `requirements.txt` to ensure consistent behavior across development and CI environments, especially when using agents that rely on specific API structures.
+
+## 2025-04-12 - [MEDIUM] Fix information leakage in API errors
+**Vulnerability:** Raw exception messages (`str(e)`) were being returned directly to the client in HTTP 500 errors in `agents/mistral_agent/agent.py`.
+**Learning:** Returning unhandled exception details can leak sensitive internal state, stack traces, or configuration details to potentially malicious actors.
+**Prevention:** Ensure all APIs catch general exceptions, log the raw error internally using `logging.error()`, and return a generic, sanitized HTTP 500 message like "Internal server error" to the client.
diff --git a/agents/mistral_agent/agent.py b/agents/mistral_agent/agent.py
index e09878d..2c10d78 100644
--- a/agents/mistral_agent/agent.py
+++ b/agents/mistral_agent/agent.py
@@ -8,6 +8,7 @@
 """
 import json
+import logging
 import os
 import uuid
 from datetime import UTC, datetime
 
@@ -318,7 +319,8 @@ async def gap_analysis(req: GapAnalysisRequest, db: AsyncSession = Depends(get_d
 "model": MISTRAL_MODEL,
 }
 except Exception as e:
- raise HTTPException(status_code=500, detail=str(e))
+ logging.error(f"Error in mistral agent: {e}")
+ raise HTTPException(status_code=500, detail="Internal server error")
 
 
 @router.post("/code-review", summary="DevSecOps code security analysis with Codestral")
@@ -333,7 +335,8 @@ async def code_review(req: CodeReviewRequest, db: AsyncSession = Depends(get_db)
 )
 return {"analysis": result, "model": MISTRAL_CODE_MODEL}
 except Exception as e:
- raise HTTPException(status_code=500, detail=str(e))
+ logging.error(f"Error in mistral agent: {e}")
+ raise HTTPException(status_code=500, detail="Internal server error")
 
 
 @router.post("/ask", summary="Ask a CMMC/ZT compliance question")
@@ -343,4 +346,5 @@ async def ask_question(req: QuestionRequest):
 answer = await agent.answer_compliance_question(req.question, req.context)
 return {"question": req.question, "answer": answer, "model": MISTRAL_MODEL}
 except Exception as e:
- raise HTTPException(status_code=500, detail=str(e))
+ logging.error(f"Error in mistral agent: {e}")
+ raise HTTPException(status_code=500, detail="Internal server error")
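Review bot: The new `logging.error(f"Error in mistral agent: {e}")` in the gap_analysis hunk records only `str(e)` — no exception type and no traceback — so the internal record that the sentinel entry says should replace the leaked client detail is thinner than it needs to be for incident triage. Inside an `except` block use `logging.exception("Error in mistral agent")`, which attaches the stack trace automatically, and prefer a module logger (`logger = logging.getLogger(__name__)` at file top, then `logger.exception(...)`) over the root logger with an eagerly formatted f-string. The same two lines appear in the code_review and ask_question hunks below, so the change applies to all three. gap_analysis's body starts outside the hunk, so it is not visible whether the try block itself raises any `HTTPException`; if it does, `except Exception` will convert a deliberate 4xx into a generic 500, and an `except HTTPException: raise` clause placed before it would preserve the intended status.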
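Review bot: The ask_question hunk is the third copy of an identical two-line handler (log, then raise the sanitized 500), which invites the log message, level and client-facing text to drift apart as endpoints are added; a small private helper that does both keeps the sanitization policy in one place. Because the helper is called from inside the `except` clause, `logger.exception` still sees the in-flight exception and captures its traceback. ask_question's signature is in the hunk header but its `try` opens outside the hunk, so the `except` line quoted below is the only one changed in each endpoint.
```python
logger = logging.getLogger(__name__)


def _internal_error(endpoint: str) -> HTTPException:
    """Log the in-flight exception with its traceback; return a sanitized 500."""
    logger.exception("Error in mistral agent (%s)", endpoint)
    return HTTPException(status_code=500, detail="Internal server error")

# … unchanged: gap_analysis and code_review, each ending in the same except clause …

    except Exception:
        raise _internal_error("ask_question")
```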