Vapi is the Voice AI platform for developers.

Vapi AI

Support - our team discovered fraudlent activity on our development vapi twilio account today.  

Investigation came back the cause was an update to the call answer URL.  It seems our SID/token were compromised externally.  We have only used these items within the VAPI enviroment.

Can you confirm that SID/token info is encrypted/destroyed once it is used to link up a phone number?  Is there anywhere Vapi shares its security policy?

Hey CarBot, looking into this for you let me check with the team.

Thanks for bearing with me, yes it's just passed directly to Twilio to get phone number details and then modify the webhook url for calls.  
  
Here you can find all of our security documentation & policies:  
  
<https://security.vapi.ai/>  
  
Let me know if there's any other questions or requests I can help you out with! Sorry to hear that happened to you.