If you discover a security vulnerability in Project Nobi, please report it responsibly.
Email: security@projectnobi.ai

Please include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

What to expect after you report:
- Acknowledgment: Within 48 hours of your report
- Assessment: We will assess severity and impact within 5 business days
- Fix timeline: Based on severity (critical: 24-72 hours; high: 1 week; medium/low: next release)
- Credit: We will credit you in our release notes (unless you prefer anonymity)

Please observe the following:
- Do NOT open a public GitHub issue for security vulnerabilities
- Do NOT exploit the vulnerability beyond what is necessary to demonstrate it
- Do NOT access, modify, or delete other users' data
- Do NOT perform denial-of-service attacks

| Version | Supported |
|---|---|
| Latest (main branch) | ✅ Yes |
| Older versions | ❌ No |

The following are in scope:
- The Nobi API (api.projectnobi.ai)
- The web application (app.projectnobi.ai)
- The Telegram bot (@ProjectNobiBot)
- The miner and validator code
- Memory encryption implementation

The following are out of scope:
- Third-party services (Stripe, Bittensor network itself)
- Social engineering attacks
- Physical attacks

Contacts:
- Security: security@projectnobi.ai
- DPO: dpo@projectnobi.ai
- General: support@projectnobi.ai