If you discover a security vulnerability in the Bittensor protocol, SDK, or any of its components, we strongly encourage you to report it responsibly.

Please do not publicly disclose the vulnerability until we have had a reasonable chance to address it.

To report a vulnerability, you can use any of the following methods:

• Create a GitHub Issue using the Security label or title.

• Contact us via our official Discord support thread: #btcli-btsdk

When reporting a vulnerability, please provide as much detail as possible:

• Affected component (e.g., bittensor, bittensor-cli, bittensor-wallet, etc.)
• Version or commit hash
• Description of the vulnerability
• Steps to reproduce (if possible)
• Impact assessment
• Any potential mitigations or recommendations

1. We will acknowledge your report within 48 hours.
2. We will investigate and confirm the issue.
3. If confirmed, we will coordinate on a fix and set an embargo period if needed.
4. A fix will be developed, tested, and released as soon as possible.
5. You will be credited (if you wish) in the security section of our release notes.

We appreciate your efforts in keeping the Bittensor ecosystem secure and responsible.