# Security Policy

We take security issues seriously and appreciate responsible disclosure.

## Reporting a Vulnerability

Please **do not** open a public GitHub issue for security reports.

Instead, use one of these private channels:

- **GitHub Security Advisories** (preferred): open a private advisory in the repository.
- **Email**: send a report to `contact@abstractcore.ai` with the subject **"Security report: AbstractCore"**.

Include as much of the following as possible:

- A clear description of the issue and why it matters.
- Steps to reproduce (proof-of-concept code is welcome).
- The affected version(s) (see `abstractcore.__version__`).
- Any suggested fix or mitigation, if you have one.

## What to Expect

- We will acknowledge receipt of your report within **72 hours**.
- We will work with you to assess impact, determine a fix, and coordinate a disclosure timeline.

## Supported Versions

Security fixes are typically released for the latest published version.