If you discover a security vulnerability in any Dakera repository, please do not open a public issue.

Use GitHub Private Security Reporting: Navigate to the affected repository → Security tab → Report a vulnerability. This creates a private advisory visible only to maintainers and keeps the disclosure confidential until a fix is ready.

We will acknowledge receipt within 48 hours and aim to provide an initial assessment within 5 business days.

We provide security updates for the latest release of each repository. We recommend always running the most recent version.

• We follow coordinated disclosure. We will work with you to understand and address the issue before any public disclosure.
• Credit will be given to reporters unless they prefer to remain anonymous.
• We will publish security advisories through GitHub Security Advisories.

This policy applies to all repositories under the Dakera-AI organization.