Security

Security Reporting

Security is a top priority for Auren. Found a vulnerability? We'd love your help making our platform safer.

How to Report Issues

Send details to security@elysianlabs.ai. For sensitive reports, we can provide a PGP or age encryption key upon request to ensure end-to-end encrypted communication.

Bounty Program

We may offer bounties for critical security vulnerabilities, depending on severity and impact. Include your payment info if you'd like to be considered.

Bounties are typically awarded for:

• Authentication bypasses
• Remote code execution
• SQL injection
• Significant data exposures
• Access control issues

What to Include

• Clear description of the issue
• Steps to reproduce
• Potential impact
• Suggestions for remediation

Our Process

When you report a vulnerability, we'll:

• Review your report as soon as possible
• Let you know our plan for addressing it
• Keep you updated on our progress
• Acknowledge your contribution in our security hall of fame (with your permission)

Rules of Engagement

Please:

• Give us time to investigate and patch before public disclosure
• Avoid accessing, modifying, or deleting other people's data
• Test only with your own accounts or test accounts
• Don't use heavy automation that could impact our services
• Never attempt to exfiltrate user data, even if you discover a vulnerability that exposes it
• Never attempt to gain root access to any of our systems

Out of Scope

The following are considered out of scope for our security program:

• DNS records and configuration
• Mail server records (SPF, DKIM, DMARC)
• Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
• Rate limiting issues that don't expose vulnerabilities
• Physical security vulnerabilities
• Social engineering attacks against our employees
• Vulnerabilities in third-party applications or platforms
• Self-XSS attacks requiring user interaction
• Clickjacking with minimal security implications