Responsible disclosure

Security Policy

We welcome good-faith reports of potential vulnerabilities affecting the public World AI Brief website and its directly operated endpoints.

How to report

Email security@worldaibrief.com with the affected URL, a clear description, reproducible steps, likely impact, and any minimal evidence needed to understand the issue.

Testing boundaries

Avoid privacy violations, service disruption, social engineering, denial-of-service activity, automated high-volume testing, destructive actions, and access to data that is not necessary to demonstrate the issue. Do not alter or delete data.

Handling sensitive findings

Stop testing if you encounter personal information, credentials, secrets, or non-public data. Do not retain, share, or access more data than is necessary. Please allow reasonable time for investigation and coordination before public disclosure.

What to expect

We aim to acknowledge a useful report when operationally possible and may ask for clarification. Response and remediation time depends on severity and available information.

No bounty or testing authorization

World AI Brief does not currently operate a bug bounty program. This policy does not authorize destructive testing, access beyond what is publicly available, violation of law, or interference with third-party services. It is not a legal safe-harbor promise.