We take security vulnerabilities very seriously and appreciate efforts to responsibly disclose findings.
Please report security vulnerabilities by emailing contact@primeintellect.ai.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please send reports privately via email. This helps ensure that any vulnerabilities are handled securely and fixed before they become public knowledge.
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations (if applicable)
We aim to respond to security reports within 1 business day and will keep you informed throughout the process of fixing and disclosing the vulnerability.
The general process is:
- Security report received and acknowledged
- Issue is investigated and severity assessed
- Fix is developed and tested
- Security patches are deployed
- Public disclosure (if appropriate)
The following are in scope for security reports:
- Prime Protocol smart contracts
- Worker node software
- Validator node software
- Discovery service
- Orchestrator service
- Protocol APIs and interfaces
There is currently no formal bug bounty program, but significant vulnerabilities that are responsibly disclosed may be rewarded at our discretion.
When running Prime Protocol nodes:
- Keep all software components up to date
- Use strong passwords and key management practices
- Follow security hardening guides for your operating system
- Monitor system logs for suspicious activity
- Maintain regular backups
- Use firewalls and access controls
- Keep private keys secure and encrypted
PGP public keys for encrypted communications will be published here once available.
Security advisories and updates will be published in our GitHub Security Advisories section when public disclosure is appropriate.