Security & Compliance
Responsible Disclosure
Last updated: April 2026
AI Survivors values the contribution of security researchers to a safer internet. If you discover a vulnerability in our systems or services, we invite you to report it responsibly.
How to Report
Send your finding to [email protected].
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce
- Affected systems or URLs
- Your contact details (optional, but helpful for follow-up)
PGP encryption is available on request.
What to Expect
| Step | Timeline |
|---|---|
| Acknowledgement of receipt | Within 72 hours |
| Initial assessment | Within 5 business days |
| Status update | Every 14 days while under investigation |
| Resolution (depending on severity) | Critical: ≤7 days / High: ≤30 days / Other: ≤90 days |
Scope
In scope:
- aisurvivors.com and subdomains
- API endpoints of AI Survivors services
- Our web applications
- Cloud infrastructure and Kubernetes cluster (no active exploitation)
Out of scope:
- Denial-of-service attacks
- Social engineering of staff
- Physical attacks
- Vulnerabilities in third-party software outside our control
Safe Harbor
If you act in good faith and follow these guidelines, we will:
- Not take legal action in connection with your report
- Not disclose your name without your explicit consent
- Treat your report confidentially
We expect you to:
- Not copy, modify or delete data
- Not inform third parties before the issue is resolved
- Not go beyond what is necessary to demonstrate the vulnerability
Recognition
Researchers who report vulnerabilities that lead to a fix are noted in our internal security log. Public acknowledgement is given only with your consent.
