| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security seriously. If you discover a vulnerability, please report it responsibly:
- Do not open a public issue
- Email security@agentvault.io with details
- Include steps to reproduce if possible
- Allow up to 48 hours for initial response
We offer bounties for critical vulnerabilities:
- Critical (fund loss risk): Up to $50,000
- High (policy bypass): Up to $10,000
- Medium (information disclosure): Up to $2,500
- All policy constraints enforced at program level
- Multi-sig upgrade authority
- Time-locked admin functions
- Comprehensive test coverage
- Agent keys isolated in secure enclaves
- Rate limiting on all endpoints
- Audit logging for all operations
- Pending: OtterSec (Q2 2026)
- Pending: Neodyme (Q2 2026)