Responsible disclosure
Security Policy
We welcome good-faith reports of potential vulnerabilities affecting the public World AI Brief website and its directly operated endpoints.
How to report
Email security@worldaibrief.com with the affected URL, a clear description, reproducible steps, likely impact, and any minimal evidence needed to understand the issue.
Testing boundaries
Avoid privacy violations, service disruption, social engineering, denial-of-service activity, automated high-volume testing, destructive actions, and access to data that is not necessary to demonstrate the issue. Do not alter or delete data.
Handling sensitive findings
Stop testing if you encounter personal information, credentials, secrets, or non-public data. Do not retain, share, or access more data than is necessary. Please allow reasonable time for investigation and coordination before public disclosure.
What to expect
We aim to acknowledge a useful report when operationally possible and may ask for clarification. Response and remediation time depends on severity and available information.
No bounty or testing authorization
World AI Brief does not currently operate a bug bounty program. This policy does not authorize destructive testing, access beyond what is publicly available, violation of law, or interference with third-party services. It is not a legal safe-harbor promise.