If you discover a security vulnerability, please report it privately:
- Do not open a public issue
- Email security@ainfera.ai with details and reproduction steps
- You will receive a response within 48 hours
- Do not disclose the vulnerability publicly until a fix is released
- All inference responses carry cryptographically signed audit receipts
- Audit chain can be independently verified offline using ainfera-verify
- No trusted third parties required for verification
- AgentCards are signed and tamper-evident
Only the latest release receives security updates.