Security
Responsible disclosure acknowledgments.
We thank everyone who practices coordinated disclosure. Reporters listed here agreed to be named. To report a vulnerability, follow the process at /.well-known/security.txt.
Hall of recognition
No public disclosures have been credited yet. When we receive a valid report and the reporter consents to acknowledgment, they will appear here.
How to report
- Encrypt your report with the PGP key at /pgp.asc.
- Email info@ai-analytics.org with a clear subject line and reproducible steps.
- We acknowledge reports within 24 hours and triage them within 5 business days.
- Coordinated disclosure preferred — we will credit you here by name (or alias) if you consent.
Full policy: /.well-known/security.txt (RFC 9116)
Scope
- In scope: ai-analytics.org, api.ai-analytics.org, voidly.ai, github.com/voidly-ai/* (probe and MCP code).
- Out of scope: Social engineering, physical security, DoS/DDoS, issues in third-party dependencies already reported upstream.
- Safe harbor: Good-faith research that follows this policy will not be subject to legal action.