Issue registry
Security findings and protocol issues are tracked publicly in the GitHub organization. We follow responsible disclosure practices.
Reporting a vulnerability
- Go to the relevant repository on github.com/aicw-protocol
- Navigate to Security ??Advisories ??New draft advisory
- Describe the vulnerability with reproduction steps
- We aim to acknowledge within 48 hours and provide a fix timeline within 7 days
Scope
| Repository | Scope |
|---|---|
aicw | Solana program (smart contract) ??highest priority |
aicw_app | Wallet issuance frontend |
aicw_mcp | MCP server for agent operations |
aicw_home | Documentation site |
Do not report via public issues
If the vulnerability could allow theft of funds or unauthorized signing, use the private advisory mechanism ??not public GitHub issues.