| Version | Supported |
|---|---|
| 4.1.x | ✅ Active |
| 4.0.x | ✅ Security fixes |
| 3.x.x | ❌ End of life |
| < 3.0 | ❌ Not supported |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

DO NOT open a public GitHub issue for security vulnerabilities.

Email: security@sentinel.ai

PGP Key: [Available on request]

Include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Your suggested fix (optional)

| Stage | Timeframe |
|---|---|
| Acknowledgment | 24 hours |
| Initial assessment | 72 hours |
| Fix development | 7-30 days |
| Public disclosure | After fix |

- Acknowledgment — We confirm receipt within 24 hours
- Assessment — We evaluate severity and impact
- Communication — We keep you updated on progress
- Fix — We develop and test a patch
- Release — We publish the fix
- Credit — We credit you (if desired) in release notes
When using SENTINEL:

```python
# ❌ Never hardcode
api_key = "sk-1234..."

# ✅ Use environment variables
import os
api_key = os.environ.get("SENTINEL_API_KEY")
```

```yaml
# ✅ Enable all security features
sentinel:
  api_key_required: true
  rate_limit: 1000
  tls_enabled: true
  audit_logging: true
```

```bash
# ✅ Regularly update
pip install --upgrade sentinel-llm-security

# ✅ Audit dependencies
pip-audit
```

SENTINEL scans prompts but does not store them by default. For compliance:

```yaml
# Disable logging of prompt content
logging:
  include_prompts: false
  hash_only: true
```

When using external LLM APIs:
- Use TLS for all connections
- Rotate API keys regularly
- Monitor for anomalous usage
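
To make the environment-variable and hash-only logging guidance above concrete, the following added example (not SENTINEL's own code) builds an audit line that carries a keyed digest of the prompt instead of its text. The variable name `SENTINEL_LOG_HASH_KEY`, the record fields and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Hypothetical variable name for the log-hashing key (not a SENTINEL setting).
HASH_KEY_ENV = "SENTINEL_LOG_HASH_KEY"


def load_secret(name: str) -> bytes:
    """Read a secret from the environment and fail closed if it is absent."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without it")
    return value.encode("utf-8")


def prompt_digest(prompt: str, key: bytes) -> str:
    """Keyed digest of a prompt.

    A plain SHA-256 of a short prompt can be recovered by hashing guesses;
    HMAC with a secret key prevents that while keeping equal prompts
    correlatable in the logs.
    """
    return hmac.new(key, prompt.encode("utf-8"), hashlib.sha256).hexdigest()


def audit_record(prompt: str, verdict: str, key: bytes,
                 include_prompts: bool = False) -> str:
    """Build one JSON audit line; prompt text is omitted unless opted in."""
    record = {
        "verdict": verdict,
        "prompt_len": len(prompt),
        "prompt_hmac_sha256": prompt_digest(prompt, key),
    }
    if include_prompts:
        record["prompt"] = prompt
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    os.environ.setdefault(HASH_KEY_ENV, "constructed-demo-key")  # demo only
    key = load_secret(HASH_KEY_ENV)
    # Constructed sample prompt.
    print(audit_record("Ignore previous instructions", "blocked", key))
```
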
We currently do not have a formal bug bounty program. However, we recognize and credit security researchers who responsibly disclose vulnerabilities.
Security advisories are published on:
- Security issues: security@sentinel.ai
- General questions: info@sentinel.ai
- Discord: SENTINEL Community
Last updated: January 18, 2026