Responsible Disclosure Policy

Last updated: June 2025

Overview

At Agentic Trust, we take the security of our systems and our users' data extremely seriously. We appreciate the work of security researchers and the broader community in helping us maintain a high standard of security.

This policy outlines how to report security vulnerabilities to us in a responsible manner, and what you can expect from us in return.

Scope

This policy applies to any security vulnerabilities discovered in:

  • The Agentic Trust platform and API
  • Our official client libraries and SDKs
  • Our website and web applications
  • Our mobile applications (if applicable)
  • Any other services operated by Agentic Trust

How to Report a Vulnerability

Important:

Please report security vulnerabilities to us privately through secure channels on our website.

When reporting a vulnerability, please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code (if applicable)
  • Your suggested remediation (if any)

Please encrypt sensitive information when reporting vulnerabilities. PGP keys are available upon request.

Our Commitment

When you report a vulnerability to us, we commit to:

  • Acknowledge receipt of your report within 48 hours
  • Provide an initial assessment within 5 business days
  • Keep you informed about our progress
  • Credit you for the discovery (unless you prefer to remain anonymous)
  • Not pursue legal action against you if you follow this policy

Guidelines for Researchers

To ensure responsible disclosure, please:

  • Make a good-faith effort to avoid privacy violations and service disruptions
  • Only interact with accounts you own or with explicit permission
  • Do not access or modify user data without permission
  • Do not perform actions that could harm our services or users
  • Do not publicly disclose the vulnerability before we've addressed it
  • Do not demand compensation for reporting vulnerabilities

Out of Scope

The following issues are generally out of scope:

  • Denial of Service (DoS) attacks
  • Social engineering or phishing
  • Physical attacks against our facilities or employees
  • Issues in third-party services or libraries (unless they directly impact our security)
  • Vulnerabilities requiring unlikely user interaction
  • Recently disclosed vulnerabilities (please allow us reasonable time to patch)

Recognition

We believe in recognizing the efforts of security researchers who help us improve our security. With your permission, we may:

  • Acknowledge your contribution in our security updates
  • List your name in our security hall of fame
  • Provide a letter of appreciation

Legal Safe Harbor

We consider security research conducted in accordance with this policy to be:

  • Authorized under any applicable anti-hacking laws
  • Exempt from restrictions in our Terms of Service that would interfere with security research
  • Conducted in good faith

We will not initiate legal action against researchers who follow this policy. If legal action is initiated by a third party, we will take steps to make it known that your actions were conducted in compliance with this policy.

Contact Information

Response Time: Within 48 hours

Encrypted Communication: PGP key available upon request

Acknowledgments

We would like to thank the following security researchers for their responsible disclosure:

No vulnerabilities have been reported yet. Be the first to help us improve our security!