diff --git a/.github/workflows/ai-security-review.yml b/.github/workflows/ai-security-review.yml
index adb8ff9..386ea24 100644
--- a/.github/workflows/ai-security-review.yml
+++ b/.github/workflows/ai-security-review.yml
@@ -29,7 +29,7 @@ jobs:
 - name: Claude security review
 uses: anthropics/claude-code-action@v1
 with:
- anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+ # anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
 prompt: |
 REPO: ${{ github.repository }}
 PR NUMBER: ${{ github.event.pull_request.number }}
diff --git a/badApi/account.js b/badApi/account.js
index 1f1c97c..9ef7770 100644
--- a/badApi/account.js
+++ b/badApi/account.js
@@ -4,7 +4,7 @@ const router = express.Router();
 // In-memory database for storing user information (including sensitive data)
 const usersInfo = [
 { username: 'user1', dob: '1990-01-01', address: '5, 3rd mainland Bridge', cardInfo: '1234-5678-9012-3456', children: ['Child1', 'Child2'], balance: 1000, role: 'user' },
- { username: 'user2', dob: '1985-05-15', address: '7, Ghost street', cardInfo: '9876-5432-1098-7654', children: ['Child3'], balance: 500, role: 'user' },
+ { username: 'user3', dob: '1985-05-15', address: '7, Ghost street', cardInfo: '9876-5432-1098-7654', children: ['Child3'], balance: 500, role: 'user' },
 ];
 /**
diff --git a/badApi/admin.js b/badApi/admin.js
index 86dc9e2..3367cca 100644
--- a/badApi/admin.js
+++ b/badApi/admin.js
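Review bot: In `.github/workflows/ai-security-review.yml`, commenting out `anthropic_api_key` leaves the `Claude security review` step with no credential visible in this hunk, so unless another authentication input is set further down the `with:` block (which continues outside the hunk) the review job will fail or stop producing findings. If the key is being replaced by a different auth method, delete the line instead of leaving it commented out and name the replacement in the commit message; if not, restore `anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}`. It is also worth confirming that this job is a required status check, so that a broken review blocks a merge rather than being silently skipped, particularly as this same commit also edits application files under `badApi/`.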
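Review bot: In `badApi/account.js` the second seed record is renamed to `user3`, while the duplicate `usersInfo` array in `badApi/admin.js` (the next hunk) keeps `user2` and changes `dob` to `'1985-05-17'`, so the two in-memory tables now disagree on both username and date of birth for what appears to be the same record. A lookup keyed on username would presumably succeed in one router and miss in the other. Consider moving the array into a single shared module required by both files, or at minimum add `// NOTE: duplicated in admin.js; keep both copies in sync` above `const usersInfo = [`.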
@@ -5,7 +5,7 @@ const router = express.Router();
 const users = []; // Simulated user storage for the sake of example
 const usersInfo = [
 { username: 'user1', dob: '1990-01-01', address: '5, 3rd mainland Bridge', cardInfo: '1234-5678-9012-3456', children: ['Child1', 'Child2'], balance: 1000, role: 'user' },
- { username: 'user2', dob: '1985-05-15', address: '7, Ghost street', cardInfo: '9876-5432-1098-7654', children: ['Child3'], balance: 500, role: 'user' },
+ { username: 'user2', dob: '1985-05-17', address: '7, Ghost street', cardInfo: '9876-5432-1098-7654', children: ['Child3'], balance: 500, role: 'user' },
 ];
 /**
diff --git a/badApi/db.js b/badApi/db.js
index 2e88a8a..8ad51ef 100644
--- a/badApi/db.js
+++ b/badApi/db.js
@@ -4,7 +4,7 @@ const mysql = require('mysql2');
 const connection = mysql.createConnection({
 host: 'localhost',
 user: 'ghost',
- password: 'ghost_sec', //coming back here
+ password: 'ghost_sec1', //coming back here
 database: 'badapi_db2'
 });
diff --git a/badApi/loan.js b/badApi/loan.js
index 15eb7fb..c1891b5 100644
--- a/badApi/loan.js
+++ b/badApi/loan.js
@@ -3,7 +3,7 @@ const router = express.Router();
 // In-memory database for loan applications
 let loanApplications = [
- { username: 'user1', amount: 1000, status: 'pending' },
+ { username: 'user1', amount: 2000, status: 'pending' },
 ];
 /**
diff --git a/badApi/otp.js b/badApi/otp.js
index 7e76b7f..60cf6f6 100644
--- a/badApi/otp.js
+++ b/badApi/otp.js
@@ -25,7 +25,7 @@ const router = express.Router();
 * properties:
 * otp:
 * type: integer
- * example: 123456
+ * example: 1234567
 * 500:
 * description: Internal server error
 * content:
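Review bot: In `badApi/db.js` the changed line still commits the database password as a string literal, and this edit leaves both `ghost_sec` and `ghost_sec1` readable in the repository history. Read the value from the environment instead, for example `password: process.env.DB_PASSWORD,` (the variable name is illustrative), and fail at startup if it is unset. Both literal values should be treated as exposed, so the `ghost` account needs a fresh password that never appears in the repository. The `//coming back here` comment should become a tracked TODO or be removed together with the fix.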