Vulnerability Disclosure Policy

Introduction

At KredosAi, we are committed to ensuring the security of our systems and data. We value the contributions of the security community and welcome reports of potential vulnerabilities in our products, services, and infrastructure. This Vulnerability Disclosure Policy outlines our guidelines for responsibly reporting security issues.

Scope

This policy applies to the KredosAi platform, any services associated with it, and any platform-related infrastructure. We do not accept reports for vulnerabilities solely affecting our marketing website (www.kredosai.com), which contains no sensitive data. In addition, reports that describe theoretical attacks and lines of attack without significant evidence of exploitability are excluded.

Reporting a Vulnerability

If you believe you’ve discovered a security vulnerability, please complete all fields at the link below.

https://github.com/KredosAI/security

Exclusions

The following are not in scope:

  • Social engineering or phishing attacks
  • Physical security findings
  • Denial of service (DoS) or brute-force attacks
  • Spam or abuse reports
  • Third-party services not under our control

Responsible Disclosure

We request that you:

  • Avoid privacy violations, data destruction, or service disruption
  • Refrain from publicly disclosing vulnerabilities before we’ve had a chance to resolve them
  • Follow all applicable laws