We take security seriously. If you discover a security vulnerability in PyAI, please report it responsibly.

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Email security concerns to the maintainers directly
3. Include as much detail as possible:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 1 week
• Resolution Timeline: Depends on severity
  • Critical: 24-72 hours
  • High: 1-2 weeks
  • Medium: 2-4 weeks
  • Low: Next release

When using PyAI:

1. Never commit API keys - Use environment variables
2. Use Azure AD authentication - Preferred for enterprise
3. Validate user inputs - Before passing to agents
4. Review agent outputs - Before executing code
5. Use sandboxed code execution - For code generation features

We regularly update dependencies to patch known vulnerabilities. Run:

pip install --upgrade PyAI

We appreciate the security research community's efforts in keeping PyAI secure. We will acknowledge researchers who report valid vulnerabilities (with permission).