If you discover a security vulnerability in Agent Tools, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email: security@atmatic.ai

You should receive a response within 48 hours. We will work with you to understand and address the issue before any public disclosure.

This policy applies to:

• @atmaticai/agent-tools
• @atmaticai/agent-tools
• @atmaticai/agent-tools/a2a
• @atmaticai/agent-tools-web
• Docker images published to ghcr.io/AtmaticAI/agent-tools

• We will acknowledge receipt of your vulnerability report within 48 hours
• We will provide an estimated timeline for a fix within 5 business days
• We will notify you when the vulnerability is fixed
• We will credit you in the release notes (unless you prefer otherwise)