Reporting Bugs & Security Vulnerabilities
Reporting Bugs & Security Vulnerabilities
At Lamatic.ai, we're committed to maintaining a secure and reliable platform. If you discover a bug or a potential security vulnerability, here’s how to report it responsibly.
Vulnerability Disclosure Program
We welcome contributions from security researchers and users alike to help us proactively identify and address issues. Through our Vulnerability Disclosure Program, you can report security concerns and receive recognition and rewards for valid findings.:contentReference[oaicite:0]{index=0}
What’s In Scope?
- Services Covered:
- Lamatic.ai Studio (web applications)
- APIs
- Cloud services
- Accepted Vulnerability Types:
- Cross-Site Scripting (XSS)
- SQL Injection
- Authentication flaws
- Data leakage
- Privilege escalation:contentReference[oaicite:1]{index=1}
What’s Out of Scope?
Please do not report the following via this program:
- Social engineering attacks
- Physical security issues
- Denial of Service (DoS) attacks
- Vulnerabilities in third-party integrations not controlled by Lamatic.ai:contentReference[oaicite:2]{index=2}
Submission Guidelines
When reporting a vulnerability, please include the following details:
- Clear description of the issue
- Step-by-step reproduction instructions
- Impact analysis (potential risks and severity)
- Supporting evidence (e.g., screenshots, videos, scripts)
- Recommendations for remediation:contentReference[oaicite:3]{index=3}
Safe & Responsible Reporting
- We offer legal safe harbor protections for good-faith researchers.
- Please refrain from public disclosure until the vulnerability is resolved.
- Detailed program rules and legal terms can be found in our “Rules of Engagement” and “Safe Harbor Clause” sections on the vulnerability disclosure page.:contentReference[oaicite:5]{index=5}
Ready to Submit?
Report your findings here: https://lamatic.ai/docs/vulnerability-disclosure
Thank you for helping us strengthen the security of Lamatic.ai!
Updated on: 10/09/2025