If you discover a security issue in Attestloop, please report it privately to simon@attestloop.ai. You should expect acknowledgement within 5 working days. Please do not file public GitHub issues for security matters.

In scope: the Attestloop pipeline code in src/attestloop/, the example agent prompts, the build/deploy configuration. Out of scope: hypothetical vulnerabilities in third-party dependencies (report those upstream).