If you believe you have found a vulnerability in ExoMind, please use GitHub's Security Advisories or email security@exomind.dev with an executable reproduction, the affected version, and any mitigation you have already tried. Avoid public issue threads so maintainers can respond securely.

Only the latest version published from the main branch is actively maintained. Please upgrade to the latest release before reporting an issue.

Once we receive a report, the maintainers will:

1. Acknowledge receipt within 72 hours.
2. Assess the report and, if confirmed, work on a fix or mitigation.
3. Coordinate a disclosure timeline, ideally alongside a patched release.
4. Update this policy if the supported version window changes.