We release security patches for the latest version of each tool.
| Tool | Supported |
|---|---|
| license-compliance-checker | Latest release |
| agentic-document-analyser | Latest release |
| rag-benchmarking | Latest release |
Do not open a public GitHub issue for security vulnerabilities.
Email security@aiexponent.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.
We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to address the issue before public disclosure
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access or modify other users' data
We credit reporters in the security advisory unless they prefer to remain anonymous.