diff --git a/.Jules/sentinel.md b/.Jules/sentinel.md
index 0f720988..85105413 100644
--- a/.Jules/sentinel.md
+++ b/.Jules/sentinel.md
@@ -1,2 +1,3 @@
 ## 2026-03-27 - Prevent SQL Error Leakage | Vulnerability: Information Exposure through Error Messages | Learning: Database error traces bubbling up to users can leak schema and path information. | Prevention: Catch database exceptions and return generic error messages (e.g. 500 Internal Server Error) to the client while logging the detailed exception server-side.
 ## 2026-03-29 - Server-Side Logging of Database Errors | Vulnerability: Insufficient Logging and Monitoring | Learning: Swallowing database errors without logging them hides potential malicious activity like SQL injection attempts. | Prevention: Always log database exception details using `logger.error` on the backend before returning a sanitized generic error to the client.
+## 2026-03-31 - Mask API Exception Details | Vulnerability: Information Exposure through Exceptions | Learning: Passing raw exception objects (`str(e)`) directly to FastAPI `HTTPException` detail fields leaks internal stack traces and error states to end-users. | Prevention: Always log exception objects server-side using `logger.error()` and raise HTTPExceptions with generic error details like 'Internal server error', removing the `from e` exception chaining clause.
diff --git a/api/pixel_inference_service.py b/api/pixel_inference_service.py
index 0ae7008e..45444863 100644
--- a/api/pixel_inference_service.py
+++ b/api/pixel_inference_service.py
@@ -406,7 +406,7 @@ async def infer(request: PixelInferenceRequest, background_tasks: BackgroundTask
 return await inference_engine.generate_response(request)
 except Exception as e:
 logger.error(f"Inference error: {e}")
- raise HTTPException(status_code=500, detail=str(e)) from e
+ raise HTTPException(status_code=500, detail="Internal server error")
 @app.post("/batch-infer")
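Review bot: The `logger.error(f"Inference error: {e}")` line left above the new raise records only the exception's message, and with the client detail now generic that log line is the sole record of what failed. `logger.exception("Inference error")` (or `logger.error("Inference error", exc_info=True)`) keeps the traceback server-side; the same applies to the `logger.error` calls in the batch_infer and reload_model hunks. Removing `from e` does not appear to change what the client receives, since only `detail` is passed to the response, and a raise without `from` inside `except` is what flake8-bugbear's B904 flags; `raise HTTPException(status_code=500, detail="Internal server error") from None` states the intent explicitly. The body of infer starts outside this hunk.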
@@ -422,7 +422,7 @@ async def batch_infer(requests: list[PixelInferenceRequest]):
 responses.append(response)
 except Exception as e:
 logger.error(f"Batch inference error: {e}")
- responses.append({"error": str(e)})
+ responses.append({"error": "Internal server error"})
 return {"results": responses}
@@ -437,7 +437,7 @@ async def reload_model():
 raise HTTPException(status_code=500, detail="Failed to reload model")
 except Exception as e:
 logger.error(f"Reload error: {e}")
- raise HTTPException(status_code=500, detail=str(e)) from e
+ raise HTTPException(status_code=500, detail="Internal server error")
 if __name__ == "__main__":
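Review bot: The log line `logger.error(f"Batch inference error: {e}")` names no item, so once every failed entry returns the same `{"error": "Internal server error"}` an operator reading the log cannot tell which request in the batch failed. Putting the item's position in the message, e.g. `logger.error("Batch inference error at item %d: %s", idx, e)` with `idx` taken from `enumerate(requests)`, keeps the client text generic while leaving something to correlate. The loop header is outside this hunk, so whether an index is already available is not visible here.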
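Review bot: The context line `raise HTTPException(status_code=500, detail="Failed to reload model")` sits directly above `except Exception as e:` in reload_model, and if it is inside the same `try` (the `try` itself is outside the hunk) the handler catches it, logs it as a "Reload error" and replaces its detail with the generic text. Adding `except HTTPException:` followed by a bare `raise` ahead of the generic handler lets deliberately raised HTTP errors pass through unchanged. The handler in infer would benefit the same way if anything under `generate_response` raises an HTTPException with a non-500 status, which cannot be confirmed from the visible lines.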