Security
Responsible Disclosure Policy
Last updated 1 July 2026 · WardenAI LLC
Reporting a vulnerability
If you believe you’ve found a security vulnerability in CapHound, please report it to security@caphound.ai. Include enough detail to reproduce the issue (affected URL/endpoint, steps, and impact). This inbox is monitored by our Security Officer.
Our commitment
- We acknowledge your report within 3 business days.
- We investigate and remediate based on severity, and keep you informed of progress.
- We credit good-faith researchers on request once an issue is resolved.
Safe harbor
We will not pursue legal action against researchers who act in good faith and follow this policy — meaning you avoid privacy violations, data destruction, and degradation of service, only interact with accounts you own or have explicit permission to test, and give us a reasonable time to remediate before public disclosure.
Scope & out of scope
In scope: the CapHound production application and API. Out of scope: automated scanner output without a demonstrated impact, denial-of-service, social engineering, physical attacks, and findings in third-party services we rely on (report those to the respective provider). When in doubt, ask at security@caphound.ai.
Program status
CapHound currently operates this Responsible Disclosure Policy in lieu of a paid bug-bounty program. See our security page for how we handle and protect data.