Legit question: when working on finding security issues, are there any guidelines on what you can send to LLMs/AI?