We take the security of Auditi very seriously. If you have found a vulnerability, please report it to us immediately.

Please do not report security vulnerabilities through public GitHub issues.

Please email us at security@auditi.ai with the details of the vulnerability. We will acknowledge your email within 48 hours.

• Acknowledgment: 48 hours
• Initial Assessment: 1 week
• Fix Implementation: 2 weeks (depending on severity)
• Public Disclosure: After fix is released

This policy applies to the Auditi codebase and its dependencies. Vulnerabilities in third-party services or infrastructure are out of scope.