Only the latest published version of osmosis-ai receives security updates.

Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, report vulnerabilities by emailing brian@osmosis.ai.

Include the following in your report:

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact

• Acknowledgement: within 3 business days
• Initial assessment: within 7 business days
• Fix or mitigation: depends on severity, targeting 30 days for critical issues

We follow coordinated disclosure. We ask that you give us reasonable time to address the vulnerability before public disclosure. We will credit reporters in the release notes unless anonymity is requested.