If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email us at security@aivory.net with:

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (optional)

• Acknowledgement: Within 48 hours of your report
• Assessment: Within 5 business days
• Fix: Depending on severity, typically within 7-30 days
• Disclosure: Coordinated with the reporter after a fix is available

This policy applies to the AIVory Monitor agent code in this repository. For vulnerabilities in the AIVory backend or platform, please report those separately at security@aivory.net.

We appreciate the efforts of security researchers and will acknowledge contributors who report valid vulnerabilities (with your permission) in our release notes.