| Version | Supported |
|---|---|
| 0.x.x | ✅ |
Once Agent OS reaches 1.0, we will maintain security updates for the latest minor version.
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in Agent OS, please report it responsibly:
Send an email to: security@agent-os.dev
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
You can also report via GitHub Security Advisories.
For sensitive reports, you may encrypt your message using our PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
[PGP key to be added]
-----END PGP PUBLIC KEY BLOCK-----
Key fingerprint: [To be added]
| Stage | Timeline |
|---|---|
| Initial acknowledgment | Within 48 hours |
| Initial assessment | Within 1 week |
| Fix development | Varies by severity |
| Public disclosure | Coordinated with reporter |
We use the following severity levels:
| Severity | Description | Response Time |
|---|---|---|
| Critical | Remote code execution, complete bypass of safety policies | 24-48 hours |
| High | Partial bypass of safety policies, data exposure | 1 week |
| Medium | Denial of service, information leakage | 2 weeks |
| Low | Minor issues, hardening opportunities | Next release |
Agent OS provides application-level policy enforcement:
- ✅ Deterministic policy checks on agent actions
- ✅ SQL injection prevention (via policy rules)
- ✅ File system access restrictions (configurable paths)
- ✅ Rate limiting and resource controls
- ✅ Action logging and audit trails (Flight Recorder)
Agent OS is middleware, not a security sandbox. The following are out of scope and must be handled by the deployment environment:
- ❌ Memory corruption or process isolation (use containers)
- ❌ Compromised LLM providers
- ❌ Network-level attacks
- ❌ Supply chain attacks on dependencies
For production deployments, we recommend:
- Running agents in isolated containers
- Using network policies to restrict agent communication
- Monitoring the Flight Recorder for anomalies
- Regular dependency audits
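The container isolation and network-policy recommendations above, as an added example that is not part of Agent OS or its documentation: a Kubernetes Pod with a hardened security context, and a NetworkPolicy that denies all inbound traffic and allows outbound traffic only to cluster DNS and to an egress proxy. The namespace `agents`, the labels, the image name and the `egress-proxy` service on port 3128 are assumptions for illustration.

```yaml
# Added example, not part of Agent OS. Names (namespace "agents",
# labels, image, "egress-proxy") are assumptions for illustration.
apiVersion: v1
kind: Pod
metadata:
  name: agent-worker
  namespace: agents
  labels:
    app: agent-worker
spec:
  automountServiceAccountToken: false   # the agent has no reason to call the Kubernetes API
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: agent
      image: example.com/agent-os-worker:0.1.0   # assumed image name
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        limits:
          cpu: "1"
          memory: 1Gi
      volumeMounts:
        - name: workspace
          mountPath: /workspace   # the only writable path; point file-system policy rules here
        - name: tmp
          mountPath: /tmp
  volumes:
    - name: workspace
      emptyDir: {}
    - name: tmp
      emptyDir: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-worker-egress
  namespace: agents
spec:
  podSelector:
    matchLabels:
      app: agent-worker
  policyTypes: ["Ingress", "Egress"]   # no ingress rules listed => all inbound traffic denied
  egress:
    # DNS to the cluster resolver only
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Everything else goes through an egress proxy that allowlists LLM provider hostnames
    - to:
        - podSelector:
            matchLabels:
              app: egress-proxy
      ports:
        - protocol: TCP
          port: 3128
```

Two caveats: NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them, otherwise they are accepted and silently ignored, so verify with a connectivity test from inside the pod rather than trusting the manifest. Routing LLM calls through a proxy that filters by hostname is deliberate, because provider IP ranges change and an `ipBlock` allowlist goes stale.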
- Keep Agent OS updated - Always run the latest version
- Use restrictive policies - Start with minimal permissions, expand as needed
- Enable Flight Recorder - Log all agent actions for audit
- Review policies regularly - Ensure policies match current requirements
- Run in containers - Isolate agents for defense in depth
- Sign commits - Use `git commit -s` (DCO) and GPG signing
- Review dependencies - Check for known vulnerabilities before adding
- Write secure code - Follow OWASP guidelines
- Add tests - Include security-relevant test cases
- Document security implications - Note any security considerations in PRs
We monitor dependencies for known vulnerabilities using:
- GitHub Dependabot
- Regular security audits
We follow coordinated disclosure:
- Reporter notifies us privately
- We confirm and assess the vulnerability
- We develop and test a fix
- We coordinate disclosure timing with the reporter
- Fix is released with security advisory
- Credit is given to the reporter (unless they prefer anonymity)
Published security advisories are available at: github.com/imran-siddique/agent-os/security/advisories
We recognize security researchers who responsibly disclose vulnerabilities:
No submissions yet - be the first!
- Security issues: security@agent-os.dev
- General questions: GitHub Discussions
Last updated: February 2026