Security
Responsible Disclosure Policy
Last updated: March 2026
We take security seriously. If you've discovered a vulnerability in attacks.ai itself, we want to hear from you.
Scope
This policy covers security issues in:
- The attacks.ai website and infrastructure
- Our APIs and services
- Our probe content and scoring logic
Note: This is for reporting vulnerabilities IN attacks.ai, not vulnerabilities you discovered in AI systems USING attacks.ai.
How to Report
Send vulnerability reports to: attacks@reyse.ai
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
What to Expect
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Resolution timeline: Depends on severity, typically 30–90 days
- Credit: With your permission, we'll credit you in our changelog
Guidelines
When researching, please:
- Avoid accessing or modifying other users' data
- Don't perform denial of service attacks
- Don't publicly disclose until we've had time to fix
- Act in good faith
Safe Harbor
We consider security research conducted in accordance with this policy to be authorized. We will not pursue legal action against researchers who:
- Follow this disclosure policy
- Act in good faith
- Avoid privacy violations and data destruction