
Security: openagentidentityprotocol/agentidentityprotocol


SECURITY.md

Security Policy

The Agent Identity Protocol (AIP) is a security-critical project. We take vulnerability reports seriously and appreciate responsible disclosure.

Supported Versions

| Version      | Supported        |
|--------------|------------------|
| main (< 1.0) | ✅ (pre-release) |

During the pre-1.0 phase, security fixes will be applied to the main branch only.

Reporting a Vulnerability

DO NOT file a public GitHub issue for security vulnerabilities.

Instead, please report security issues through one of these channels:

Option 1: GitHub Security Advisories (Preferred)

  1. Go to the Security Advisories page
  2. Click "Report a vulnerability"
  3. Fill out the form with details

Option 2: Email

Send details to: arangogutierrez@gmail.com (PGP key below)

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Any suggested fixes (optional)

PGP Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
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=MPr4
-----END PGP PUBLIC KEY BLOCK-----

Response Timeline

| Stage              | Timeline              |
|--------------------|-----------------------|
| Acknowledgment     | Within 48 hours       |
| Initial Assessment | Within 7 days         |
| Status Update      | Every 14 days         |
| Fix Development    | Varies by severity    |
| Public Disclosure  | After fix is released |

Severity Classification

We use CVSS v3.1 for severity scoring:

| Severity | CVSS Score | Response Target |
|----------|------------|-----------------|
| Critical | 9.0 - 10.0 | 24-48 hours     |
| High     | 7.0 - 8.9  | 7 days          |
| Medium   | 4.0 - 6.9  | 30 days         |
| Low      | 0.1 - 3.9  | 90 days         |

Scope

In Scope

  • AIP proxy implementation (implementations/go-proxy/)
  • Client SDKs (sdk/)
  • Manifest parsing and validation
  • Identity token generation and validation
  • Policy engine and authorization logic
  • Egress filtering implementation
  • Audit logging (data integrity)

Out of Scope

  • Example applications (examples/) — for demonstration only
  • Documentation websites
  • Third-party dependencies (report upstream)
  • Theoretical attacks without proof of concept

Security Considerations for AIP

When evaluating potential vulnerabilities, consider these AIP-specific concerns:

High Priority

  • Manifest bypass: Agent executing actions not declared in manifest
  • Token forgery: Creating valid AIP tokens without authorization
  • Policy engine bypass: Circumventing authorization checks
  • Audit log tampering: Modifying or deleting audit records
  • Egress filter bypass: Exfiltrating data despite restrictions

Medium Priority

  • Privilege escalation: Agent gaining capabilities beyond manifest scope
  • Session hijacking: Taking over another agent's session
  • Denial of service: Crashing proxy or exhausting resources
  • Information disclosure: Leaking manifest contents or token data

Lower Priority

  • Configuration issues: Insecure defaults (should be documented)
  • Timing attacks: Information leakage via response times
  • Verbose errors: Stack traces or internal paths exposed

Safe Harbor

We support security research conducted in good faith. Researchers who:

  • Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
  • Only interact with accounts they own or have explicit permission to test
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate them
  • Report vulnerabilities promptly and do not disclose them publicly until we have addressed them

...will not face legal action from us related to their research.

Recognition

We maintain a SECURITY_ACKNOWLEDGMENTS.md file to recognize researchers who responsibly disclose vulnerabilities.

Contact

  • Security Reports: arangogutierrez@gmail.com
  • General Questions: GitHub Discussions
  • Urgent Issues: Include "URGENT" in email subject

This security policy is based on industry best practices and will be updated as the project matures.

There aren’t any published security advisories