Skip to content

Security: cloudweaver/agentvault

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x

Reporting a Vulnerability

We take security seriously. If you discover a vulnerability, please report it responsibly:

  1. Do not open a public issue
  2. Email security@agentvault.io with details
  3. Include steps to reproduce if possible
  4. Allow up to 48 hours for initial response

Bug Bounty

We offer bounties for critical vulnerabilities:

  • Critical (fund loss risk): Up to $50,000
  • High (policy bypass): Up to $10,000
  • Medium (information disclosure): Up to $2,500

Security Measures

On-Chain

  • All policy constraints enforced at program level
  • Multi-sig upgrade authority
  • Time-locked admin functions
  • Comprehensive test coverage

Off-Chain

  • Agent keys isolated in secure enclaves
  • Rate limiting on all endpoints
  • Audit logging for all operations

Audits

  • Pending: OtterSec (Q2 2026)
  • Pending: Neodyme (Q2 2026)

There aren't any published security advisories