Responsible Disclosure & Vulnerability Reporting Policy

AIBound is committed to maintaining the security of our platform, infrastructure, and the data entrusted to us. We value the security research community and encourage responsible reporting of potential vulnerabilities.
If you believe you have discovered a security vulnerability affecting AIBound systems or services, we encourage you to report it to us so we can investigate and resolve the issue as quickly as possible.

Scope

This policy applies to vulnerabilities discovered in:

  • AIBound public websites
  • AIBound platform services
  • AIBound APIs
  • AIBound-hosted infrastructure
  • Publicly accessible AIBound systems

The policy does not apply to third-party services or infrastructure providers used by AIBound unless the vulnerability directly affects AIBound systems.

How to Report a Vulnerability

Please submit vulnerability reports to:
security@aibound.com

Include as much of the following information as possible:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Impact assessment or potential risk
  • Affected URL, endpoint, or system component
  • Screenshots or proof-of-concept code if available

Providing clear reproduction steps helps us resolve issues more quickly.

Our Commitment

When a vulnerability is reported responsibly and in good faith, AIBound commits to:

  • Acknowledge receipt of the report within 2 business days
  • Investigate and validate the reported vulnerability
  • Work to remediate confirmed issues as quickly as possible
  • Provide status updates during the investigation process
  • Credit researchers who report valid vulnerabilities, if desired

Responsible Research Guidelines

To help protect our customers and systems, we ask that researchers:

  • Avoid accessing or modifying customer data
  • Avoid actions that could degrade or disrupt our services
  • Do not perform denial-of-service attacks
  • Do not attempt social engineering or physical security testing
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate their existence

Testing should be limited to what is necessary to identify and validate the issue.

Safe Harbor

AIBound will not pursue legal action against security researchers who:

  • Follow this policy
  • Act in good faith
  • Avoid privacy violations, data destruction, or service disruption
  • Provide us a reasonable opportunity to investigate and remediate the issue before public disclosure

We consider responsible disclosure conducted in accordance with this policy to be authorized security research.

Coordinated Disclosure

We request that researchers do not publicly disclose vulnerabilities until:

  • AIBound has confirmed and remediated the issue, or
  • We have mutually agreed on a disclosure timeline

Our goal is to coordinate disclosure in a way that protects users and maintains platform security.

Out of Scope

The following are generally considered out of scope for this program:

  • Vulnerabilities affecting only third-party services
  • Missing security headers without a demonstrated exploit
  • Automated scanner output without proof of exploitability
  • Social engineering attacks against AIBound employees
  • Physical security issues
  • Denial-of-service attacks

Recognition

We appreciate the efforts of the security research community and may publicly acknowledge researchers who responsibly report vulnerabilities.

At this time, AIBound does not offer a formal bug bounty program.

Contact

For vulnerability reporting or security questions, contact:
security@aibound.com

Security Commitment

Security is fundamental to the AIBound platform. We continuously improve our security practices through:

  • SOC 2 Type II certification
  • Certification for ISO-aligned security controls
  • Continuous monitoring and vulnerability management
  • Secure development and infrastructure practices