How to report
Email security@qukaizen.com with enough detail that we can reproduce and triage without a follow-up. Use the public PGP key linked in /.well-known/security.txt if you'd like the report encrypted; if you don't, that's fine too — the inbox is for security issues only.
- ·Product and version (qukaizen.com web, AeroLLM <commit>, ARAIL <commit>, Nucleus, AeroLLM-Distill).
- ·Component / endpoint / file affected.
- ·A minimal reproducer or proof-of-concept. Logs, requests, screenshots are welcome.
- ·Your assessment of impact (what an attacker gets, who's affected, what's the blast radius).
- ·Whether you want public credit and under what name when we disclose.