AI Freedom Trust Federation projects may include public websites, automation systems, cloud tooling, wallet research, and infrastructure experiments. Security reports should be handled carefully and privately.
Do not open a public issue for vulnerabilities.
Send security-sensitive reports to the maintainer contact listed in the affected repository. If no contact is listed, open a minimal public issue that says only:
"I have a security-sensitive report and need a private contact path."
Do not include exploit details, credentials, private keys, tokens, personal data, or live targets in public channels.
Security reports may include:
- exposed secrets or credentials
- authentication or authorization bypasses
- data exposure
- unsafe deployment configuration
- dependency vulnerabilities with a credible impact path
- wallet, cryptographic, or value-protocol risks
Maintainers should acknowledge credible reports, avoid public disclosure before mitigation, and document fixes once it is safe to do so.