We accept vulnerability reports exclusively through GitHub Private Security Advisories:
https://github.com/CodaCipher/opengnosis/security/advisories/new
Please do not file public issues for security-sensitive bugs. Email-based reporting is not available.
| In scope | Out of scope |
|---|---|
OpenGnosis CLI (opengnosis_cli.py) |
OpenRouter API service |
Orchestrator (scripts/core/orchestrator.py) |
Target LLM provider platforms |
Method runners (scripts/methods/) |
Third-party model weights or outputs |
Core modules (scripts/core/) |
User-defined prompts or jailbreak content |
- We aim to acknowledge reports within 7 days.
- We follow a 90-day coordinated disclosure timeline. If a fix is not ready within 90 days, we will work with the reporter to agree on next steps.
- Please allow us time to patch before public disclosure.
OpenGnosis is a research tool designed to advance the understanding of LLM safety. Using it to attack production systems without explicit authorization is:
- A violation of the AGPL-3.0 license (§7 additional terms may apply).
- Incompatible with the ethical principles of this project.
We take responsible use seriously. If you discover that OpenGnosis is being used maliciously, please let us know via the advisory link above.
This policy will be updated as the project matures.