If you discover a security vulnerability in AiSec, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: fboiero@gmail.com

Include the following information:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Fix & Disclosure: Coordinated with the reporter, typically within 30 days

The following are in scope for security reports:

• Vulnerabilities in AiSec's code that could be exploited
• Container escape or sandbox bypass in the Docker integration
• Injection vulnerabilities in report generation
• Plugin system security issues
• Credential exposure in logs or reports

AiSec is designed for authorized security testing and assessment. Users are responsible for ensuring they have proper authorization before scanning any AI agent system.