A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

Contact: mailto:security@fractal-ai.com
Expires: 2026-06-07T00:00:00.000Z
Encryption: https://fractal-ai.replit.app/pgp-key.txt
Preferred-Languages: en
Canonical: https://fractal-ai.replit.app/.well-known/security.txt
Policy: https://fractal-ai.replit.app/security-policy
Hiring: https://fractal-ai.replit.app/careers

# Security Policy

This file contains contact information for security researchers
who have found a vulnerability in Fractal AI Platform.

Please report security vulnerabilities responsibly.

# Bug Bounty

We appreciate security researchers who report vulnerabilities
responsibly and may offer recognition for significant findings.

# Scope

- Web application security vulnerabilities
- API security issues
- Authentication/authorization flaws
- Data privacy concerns
- Infrastructure security issues

# Out of Scope

- Social engineering attacks
- Physical attacks
- DDoS attacks
- Issues requiring physical access to user devices