| # Security Policy | |
| ## Supported Versions | |
| We maintain the latest main branch. Please ensure you are on a recent commit before reporting issues. | |
| ## Reporting a Vulnerability | |
| - Email: `hello@cogni-x.com` | |
| - Alternatively, open a confidential issue labeled `security` | |
| Please include: | |
| - A clear description and reproduction steps | |
| - Impact and affected environments | |
| - Suggested remediation if known | |
| We aim to acknowledge within 72 hours and provide a fix or mitigation timeline after triage. | |
| ## Scope | |
| This policy covers: | |
| - Inference and configuration misuse leading to unsafe behavior | |
| - Data leakage, PII exposure, or privacy concerns | |
| - License or attribution compliance issues | |
| ## Responsible Disclosure | |
| Do not publicly disclose vulnerabilities before coordinated release of a fix or mitigation. We appreciate your help keeping the community safe. | |