Security at AgentAegis
We build security tooling, so we hold ourselves to it. This page covers how to report a vulnerability, our scope and safe-harbor commitment, and how we audit ourselves.
Report a vulnerability
If you've found a security issue, email admin@youraigroup.com with steps to reproduce. Our machine-readable policy is published at /.well-known/security.txt (RFC 9116).
Our commitment to good-faith researchers: we will acknowledge your report, keep you updated on remediation, and credit you publicly if you'd like. We will not pursue legal action for security research conducted in good faith under the scope below.
In scope
- agentaegis.org and the marketing site
- The MCP server at agentaegis-mcp-production.up.railway.app
- The customer portal at app.agentaegis.org
- The payment paths: API-key billing and x402 (USDC on Base mainnet)
Out of scope
- Denial-of-service / volumetric testing against production
- Findings in the open-source engines we wrap (report those upstream to nmap, Nuclei, Semgrep, sslyze, trufflehog, trivy)
- Social engineering, physical attacks, and spam
- Automated scanner output without a demonstrated, exploitable impact
Please don't run intrusive scans against our own production infrastructure, exfiltrate data, or degrade service for others. Use your own test accounts and synthetic targets.
How we audit ourselves
AgentAegis runs security scans for AI agents — so the first system we point it at is our own. During pre-launch hardening we ran the full toolset against AgentAegis's own production infrastructure (we call it the "Phase 4 self-audit"). It surfaced 12 findings; 7 were fixed in code, the rest documented as accepted risks.
The most instructive one was a billing bug in our own tool-dispatch wrapper that would have given paid tools away for free under one code path — caught by the pricing-discrepancy check before any customer hit it. We think a security product that can't survive being scanned by itself has a bug in the scanner, not just the target.
Beyond the self-audit, we run an automated red-team suite (open-redirect, MCP-session bypass, payment-webhook spoofing, SSRF, x402 challenge inspection) on the major attack surfaces, and we re-run it on a schedule to catch regressions.
Baseline posture
- Transport: HTTPS everywhere with HSTS (preload), a strict Content-Security-Policy, and a locked-down Permissions-Policy.
- Input validation: scan targets are rejected if they resolve to private, loopback, link-local, or cloud-metadata addresses, or use a non-HTTPS scheme — before any engine runs.
- Data isolation: customer data is stored with row-level security forced on every table.
- Payments: webhook signatures are verified; balance debits are atomic; x402 settlement uses on-chain ERC-3009 nonces that prevent replay and double-spend.
- Attribution: the open-source engines and third-party data sources we build on are credited in our NOTICE.md.
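As an added illustration of the target check in the "Input validation" bullet above (example code, not AgentAegis's own): a pre-dispatch validator that rejects non-HTTPS schemes and any target that is, or resolves to, a private, loopback, link-local, reserved or cloud-metadata address. It goes slightly beyond the text by checking every resolved record and by unmapping IPv4-mapped IPv6 literals; the function names, the injectable resolver and the DNS fixture are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS fixture so the example runs offline (addresses chosen only for
# how they classify, not as real hosts). Production code uses system_resolver.
FAKE_DNS = {
    "scan-me.example": ["23.45.67.89"],
    "mixed.example": ["23.45.67.89", "10.0.0.5"],  # one public, one private: rejected
    "metadata.example": ["169.254.169.254"],
}

# Well-known cloud metadata endpoints; listed explicitly so the intent is documented
# even though both also fail the range check below.
METADATA_ADDRESSES = {ipaddress.ip_address(a) for a in ("169.254.169.254", "100.100.100.200")}

def system_resolver(host):
    """Return every A/AAAA record so no address slips past the check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def fixture_resolver(host):
    return FAKE_DNS.get(host, [])

def is_blocked_address(ip):
    """True for private, loopback, link-local, reserved, multicast or metadata addresses."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 literal (::ffff:10.0.0.5) must be judged as its IPv4 form
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr in METADATA_ADDRESSES or addr.is_multicast or not addr.is_global

def validate_scan_target(url, resolver=system_resolver):
    """Return (ok, reason); only (True, "ok") may be handed to a scan engine."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} rejected; only https is allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:                      # IP literal: check it directly
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:        # hostname: resolve and check every record
        ips = resolver(host)
    if not ips:
        return False, f"{host} does not resolve"
    for ip in ips:
        if is_blocked_address(ip):
            return False, f"{host} resolves to disallowed address {ip}"
    return True, "ok"
```

Because the check runs on the resolved addresses rather than the hostname string, a name that points at an internal address (or at one public and one private record) is refused before any engine starts.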
Contact
Security: admin@youraigroup.com · Policy: security.txt · General: FAQ