Responsible disclosure
If you believe you have found a security vulnerability in ChronoVault or VektorAI's infrastructure, we want to hear from you. This page explains how to report, what happens next, and our commitments in return.
How to report
Send a report to sridhar@vektor-ai.ai with the subject line starting [security]. If you prefer to speak with us, you can reach the founder at +91 725 952 8336. A PGP key for encrypted communication will be published here shortly; you do not need to encrypt, and we will honor the same commitments either way.
What to include
A description of the vulnerability, the affected component, steps to reproduce, and any impact assessment you have made. We do not require you to have exploited the issue — a clear description and reproduction is enough.
Our commitments
We will acknowledge receipt of your report within 24 hours and provide a status update within five business days. We will work with you on coordinated disclosure on request, and we will credit you in the hall of fame at the bottom of this page if you wish. We will not pursue legal action against researchers acting in good faith and in line with this policy.
Out of scope
Social engineering of VektorAI staff, physical access to VektorAI offices, denial-of-service attacks against the production service, and automated scanner findings without a demonstrable impact are out of scope.
Hall of fame
[[TODO: populate as applicable.]]