Do not open a public GitHub issue for security vulnerabilities.

Please report security vulnerabilities by emailing:

security@ai-employee-force.com

Include in your report:

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested remediation (optional)

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 14 days for critical issues.

• We follow responsible disclosure — please give us reasonable time to patch before public disclosure
• We will credit reporters in the release notes (unless you prefer to remain anonymous)
• We will not take legal action against researchers acting in good faith

• Dependencies are reviewed and updated regularly
• All secrets and credentials must be stored in environment variables or a secrets manager — never committed to this repository
• Access to this repository is restricted to @AI-employee-force/agent-accountingo-team

This policy covers the aief-accountingo repository within the AI-employee-force organization.