If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email: john@itallstartedwithaidea.com
- Include: description, steps to reproduce, potential impact
We will respond within 48 hours and work with you to address the issue.
- MCP server credential handling
- OAuth token storage and transmission
- API key exposure in logs or error messages
- Training data containing PII
- Google/Meta/Microsoft API vulnerabilities (report to those platforms directly)
- Social engineering attacks
- Denial of service