Security Disclosure

LAST_MODIFIED: 2026-04-26 | POLICY: SAFE_HARBOR

As an offensive security and DevSecOps platform, Sentinel-X Systems takes the integrity of our own infrastructure extremely seriously. We welcome security researchers to audit our platform.

1. Safe Harbor Policy

If you discover a vulnerability in the Sentinel-X Node.js backend, Supabase configuration, or Python Agentic Core, and you report it in good faith without exfiltrating data or causing denial-of-service (DoS), we will not initiate legal action against you.

2. Out of Scope Targets

The following vectors are strictly out of scope and do not qualify for safe harbor: Physical attacks against Sentinel-X developers, Social Engineering (Phishing), and volumetric DDoS attacks against our routing layer.

3. Disclosure Protocol

Do not publicly disclose zero-day vulnerabilities affecting this platform. Submit a detailed Proof of Concept (PoC) directly to the Lead Architect via the uplink endpoints located on the Operator profile page.