
Security: 1SHAMAY1/CORTEX


Security Policy

Supported Versions

Version   Supported
1.0.x     ✅ Active

Reporting a Vulnerability

CORTEX is a local simulation platform: by default it exposes no network services, authentication system, or user data. The attack surface that remains is the files and packages it loads:

  • Pickle deserialization — CORTEX uses Python's pickle module to serialize PyTorch model weights into cortex.db and to load them back. Unpickling invokes whatever callables the stream names, so loading a cortex.db crafted by an attacker runs that attacker's code with the privileges of the user running CORTEX.
  • Dependency vulnerabilities — Outdated versions of torch, pygame, numpy, or psutil may carry known CVEs.

What to Report

Please report a vulnerability if you identify:

  • A way to achieve arbitrary code execution via CORTEX's database loading mechanism.
  • A dependency with a critical CVE that affects CORTEX's execution environment.
  • Any other security-relevant issue in the codebase.

How to Report

Do not open a public GitHub Issue for security vulnerabilities.

Report privately by:

  1. Opening a GitHub Security Advisory on this repository.
  2. Including a clear description of the vulnerability, reproduction steps, and potential impact.

We will acknowledge reports within 72 hours and aim to release a patch within 14 days for confirmed critical issues.


Safe Usage Recommendations

  • Only load cortex.db files you generated yourself. Never load a database received from an untrusted third party: pickle-serialized weights can carry a payload that executes the moment the file is loaded.
  • Keep your Python dependencies up to date:
    pip install --upgrade -r requirements.txt
  • If contributing code that touches the checkpoint serialization path (database.py), prefer torch.save/torch.load with weights_only=True. That mode restricts the unpickler to tensors and primitive containers, so a crafted file cannot name arbitrary callables; it requires saving a state_dict rather than the whole nn.Module object.
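The two points above (why an untrusted cortex.db is dangerous, and why a restricted unpickler is the fix) are illustrated by the following added example. It is not CORTEX code and makes no assumption about how cortex.db is laid out; it operates on raw pickle blobs. The "payload" is a harmless callable that records that it ran, standing in for os.system, and the RestrictedUnpickler is the same allow-list idea that torch.load(weights_only=True) applies to tensor types. torch is deliberately not imported so the example runs anywhere.

```python
"""Added example: pickle payload vs. allow-listed unpickler (not CORTEX code)."""
import io
import pickle

# Observable side-effect sink. A real payload would call os.system or similar;
# appending to this list is the harmless stand-in.
EXECUTED = []


def _attacker_callable(marker):
    """Stand-in for an attacker's command; records that it was invoked."""
    EXECUTED.append(marker)
    # Return something state_dict-shaped so the victim notices nothing.
    return {"fc1.weight": [[0.0]]}


class MaliciousWeights:
    """__reduce__ lets a pickle say 'call this callable with these args' on load."""

    def __reduce__(self):
        return (_attacker_callable, ("pwned",))


def build_malicious_blob():
    """Constructed attacker file: a pickle whose load step invokes a callable."""
    return pickle.dumps(MaliciousWeights())


def build_legit_blob():
    """Constructed benign checkpoint: plain containers and numbers only."""
    state = {
        "fc1.weight": [[0.1, -0.2], [0.3, 0.4]],
        "fc1.bias": [0.0, 0.1],
        "step": 42,
    }
    return pickle.dumps(state)


def load_unsafe(blob):
    """The dangerous pattern: unrestricted pickle.loads on file contents."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Only resolve an explicit allow-list of globals; refuse everything else.

    A legitimate state dict of lists/floats/ints/strs never needs find_class at
    all, so it loads unchanged; any GLOBAL opcode naming something outside the
    list (a module function, os.system, ...) raises before it can be called.
    """

    ALLOWED = {
        ("builtins", name)
        for name in ("dict", "list", "tuple", "set", "frozenset",
                     "int", "float", "str", "bytes", "bool")
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def load_restricted(blob):
    """Hardened load: same file format, allow-listed unpickler."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def assess(blob, loader):
    """Run loader on blob; report the result, any error, and whether the payload fired."""
    fired_before = len(EXECUTED)
    try:
        result, error = loader(blob), None
    except pickle.UnpicklingError as exc:
        result, error = None, str(exc)
    return {"result": result, "error": error,
            "payload_fired": len(EXECUTED) > fired_before}


if __name__ == "__main__":
    for label, blob in (("legit", build_legit_blob()), ("malicious", build_malicious_blob())):
        for loader in (load_unsafe, load_restricted):
            print(label, loader.__name__, assess(blob, loader))
```

Both loaders accept the benign checkpoint identically; only the unrestricted one executes the attacker's callable. The allow-list is intentionally narrow: if the checkpoint format needs more types, add them explicitly rather than falling back to the default find_class.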
