- Flesh out the E2E test suite with more negative tests for authentication
- Refactor the auth subsystem to make it more self-contained and harder to misuse within the codebase
- Add property-based/fuzz testing for the auth subsystem
- Engage with the Hasura & security community via a bug-bounty program

These are the immediate action items. As we make more progress and flesh these items out in more detail, we will link to the appropriate issues.