Security Policy
Supported Versions
The following versions of this project are currently supported with security updates.
| Version | Supported |
|---|---|
| Latest | Supported |
| Legacy Releases | Not supported |
Reporting a Vulnerability
At DrPinnacle, security is a core priority. We appreciate responsible disclosure from security researchers, developers, customers, and the broader community.
If you discover a security vulnerability, report it responsibly and privately. Please do not publicly disclose vulnerabilities until they have been reviewed and addressed.
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected components or versions
- Proof of concept, if available
- Potential impact assessment
- Suggested remediation, if available
Security reports should be submitted to security@drpinnacle.com. OpenVals vulnerability reports can also be sent to support@openvalidations.com.
Organization: DrPinnacle. Website: https://drpinnacle.com.
Response Timeline
| Action | Target Timeline |
|---|---|
| Initial acknowledgment | Within 24-72 hours |
| Vulnerability triage | Within 5 business days |
| Status updates | Ongoing during investigation |
| Resolution or mitigation | Based on severity |
Complex issues may require additional investigation time.
Scope
Responsible Disclosure
We request that researchers act in good faith and follow these guidelines:
- Avoid violating privacy or accessing unnecessary data.
- Do not disrupt production services.
- Do not perform destructive testing.
- Avoid social engineering or phishing attacks.
- Provide reasonable time for remediation before disclosure.
Safe Harbor
DrPinnacle supports responsible security research conducted in good faith. We will not pursue legal action against researchers who follow this policy, avoid privacy violations or service disruption, report vulnerabilities responsibly, and act ethically within legal boundaries.
Security Philosophy
Modern AI systems require more than functionality. They require trust, validation, governance, and resilience.
Encryption and Data Protection
We strongly encourage:
- End-to-end encryption
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Secure secret management
- Zero Trust architectures
- Continuous monitoring and auditing
- Secure AI model governance
AI Safety Reporting
For AI-related systems, reports may also include:
- Hallucination vulnerabilities
- Prompt injection attacks
- Model jailbreak techniques
- Adversarial prompts
- Unsafe routing behavior
- Data leakage risks
- Alignment failures
- AI governance bypasses
Acknowledgments
We appreciate the efforts of researchers and engineers helping improve the security and trustworthiness of modern AI systems.
Together, we can build safer and more reliable intelligence infrastructure.
DrPinnacle: build trust, validate intelligence, and deploy with confidence.