Security: jverdicc/DiscOS

SECURITY.md

Security Policy: EvidenceOS & UVP

As a protocol designed to mitigate high-stakes AI risks (including CBRN), we take security with extreme seriousness. We appreciate the efforts of the security research community to help us harden the Universal Verification Protocol kernel.

Supported Versions

Currently, only the latest release on the main branch is supported for security updates.

Version Supported
0.1.x
< 0.1.0

Reporting a Vulnerability

Do not open a public GitHub Issue for security vulnerabilities.

If you discover a security flaw—particularly one that allows for "Adaptivity Leakage" bypass, "Sealed Vault" escape, or "Ledger Wealth" spoofing—please report it privately.

Contact: [Your Email Address]

GPG Key: [Optional: Your PGP Key ID]

Please include:

  1. A detailed description of the vulnerability.
  2. Steps to reproduce (Proof of Concept).
  3. The potential impact on the Conservation Ledger's safety bounds.

Our Commitment

  • Acknowledgment: We will acknowledge your report within 48 hours.
  • Triage: We will provide a preliminary assessment of the risk within 7 days.
  • Fix: We aim to resolve critical vulnerabilities within 90 days.
  • Disclosure: We follow Coordinated Vulnerability Disclosure (CVD). We ask that you do not disclose the vulnerability publicly until a fix is released.

Safe Harbor

If you act in good faith, follow this policy, and do not attempt to exfiltrate sensitive data or disrupt production systems, we will not pursue legal action against you for your research.

There aren’t any published security advisories