Responsible Disclosure Policy
Last updated: May 14, 2026
Reporting a Vulnerability
If you believe you have found a security vulnerability in AGENSTAB's products or infrastructure, we encourage you to report it to us responsibly. We appreciate your help in keeping our users safe.
How to Report
- Email: security@agenstab.com
- Subject line: [SECURITY] Brief description of the vulnerability
- Include: Steps to reproduce, impact assessment, and any proof-of-concept code
Our Commitments
- We will acknowledge receipt of your report within 48 hours
- We will provide an initial assessment within 5 business days
- We will work with you to understand and validate the issue
- We will notify you when the vulnerability has been remediated
- We will credit you publicly (if desired) for responsible disclosure
Scope
The following are in scope for security reports:
- AGENSTAB Engine (WebSocket API, session management, action execution)
- AGENSTAB Website (agenstab.com, agenstab.com)
- AGENSTAB Chrome Extension
- AGENSTAB SDKs (Python, Node.js, Go)
- Authentication and authorization systems
Out of Scope
- Social engineering attacks against AGENSTAB employees
- Denial of service attacks
- Issues in third-party services (Firebase, Cloudflare, Google)
- Issues already reported and under remediation
Safe Harbor
We consider security research conducted in accordance with this policy to be authorized. We will not pursue legal action against researchers who act in good faith and comply with this policy. We ask that you:
- Do not access, modify, or delete data belonging to other users
- Do not degrade the performance of our services
- Do not publicly disclose the vulnerability before we have had a reasonable time to remediate it
Penetration Testing
We perform continuous internal vulnerability scanning. A formal third-party penetration test will be scheduled as the platform scales. Results will be made available to enterprise customers under NDA upon request.
Insurance
AGENSTAB maintains cyber liability insurance appropriate for the nature and scale of our operations. Details are available to enterprise customers and investors upon request.