diff --git a/src/Framework/ExceptionHandling/ExceptionHandlingInitializer.php b/src/Framework/ExceptionHandling/ExceptionHandlingInitializer.php
index 42665428..2a66abcf 100644
--- a/src/Framework/ExceptionHandling/ExceptionHandlingInitializer.php
+++ b/src/Framework/ExceptionHandling/ExceptionHandlingInitializer.php
@@ -35,6 +35,8 @@ final readonly class ExceptionHandlingInitializer
         ?Logger $logger = null
     ): void {
         $isDebugMode = $environmentType->isDebugEnabled();
+        // DIAGNOSTIC: Log debug mode determination (remove after verification)
+        error_log("[ExceptionHandlingInitializer] environmentType={$environmentType->value}, isDebugEnabled={$isDebugMode}");
 
         // ConsoleOutput - only create if CLI context and not already provided
         // For HTTP context, null is acceptable (ConsoleErrorRenderer won't be used)
diff --git a/src/Framework/ExceptionHandling/Renderers/ResponseErrorRenderer.php b/src/Framework/ExceptionHandling/Renderers/ResponseErrorRenderer.php
index 52f482de..2d84ad38 100644
--- a/src/Framework/ExceptionHandling/Renderers/ResponseErrorRenderer.php
+++ b/src/Framework/ExceptionHandling/Renderers/ResponseErrorRenderer.php
@@ -278,6 +278,9 @@ final readonly class ResponseErrorRenderer implements ErrorRenderer
         );
 
         $debugInfo = '';
+        // SECURITY FIX: Only show debug info in development mode
+        // Log to error_log for diagnostic purposes (can be removed after verification)
+        error_log("[ResponseErrorRenderer] isDebugMode={$this->isDebugMode}, APP_ENV=" . ($_ENV['APP_ENV'] ?? 'unknown'));
         if ($this->isDebugMode) {
             $debugInfo = $this->generateDebugSection($exception, $contextProvider);
         }