Do not open a public GitHub issue for security vulnerabilities.

Email: [email protected] Subject line: [SECURITY] <brief description>

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fix (optional but appreciated)

You will receive an acknowledgement within 48 hours and a resolution timeline within 7 days.

In scope:

• The aluminatiai Python agent (this repo)
• The ingest API at aluminatiai.com/v1/metrics/ingest
• The dashboard at aluminatiai.com

Out of scope:

• Vulnerabilities in third-party dependencies (report to them directly)
• Issues requiring physical access to the GPU machine

We follow a 90-day coordinated disclosure timeline. Credit will be given in the release notes unless you prefer to remain anonymous.