diff --git a/server/services/alertService.js b/server/services/alertService.js
index a8d7170..aeb4879 100644
--- a/server/services/alertService.js
+++ b/server/services/alertService.js
@@ -464,19 +464,22 @@ class AlertService {
         try {
           switch (channel) {
             case 'sms':
-              if (rule.alert_channels.includes('sms') && rule.sms_phone_number) {
+              // For critical threats, force SMS even if not in rule channels, otherwise check rule configuration
+              if ((threatAssessment.level === 'critical' || rule.alert_channels.includes('sms')) && rule.sms_phone_number) {
                 alertLog = await this.sendSMSAlert(rule.sms_phone_number, message, rule, detection, threatAssessment, alertEventId);
               }
               break;
 
             case 'email':
-              if (rule.alert_channels.includes('email') && (rule.email || user.email)) {
+              // For critical threats, force email even if not in rule channels, otherwise check rule configuration
+              if ((threatAssessment.level === 'critical' || rule.alert_channels.includes('email')) && (rule.email || user.email)) {
                 alertLog = await this.sendEmailAlert(rule.email || user.email, message, rule, detection, threatAssessment, alertEventId);
               }
               break;
 
             case 'webhook':
-              if (rule.alert_channels.includes('webhook') && rule.webhook_url) {
+              // For critical threats, force webhook even if not in rule channels, otherwise check rule configuration
+              if ((threatAssessment.level === 'critical' || rule.alert_channels.includes('webhook')) && rule.webhook_url) {
                 alertLog = await this.sendWebhookAlert(rule.webhook_url, detection, device, rule, threatAssessment, alertEventId);
               }
               break;