Agent-Fabric Open Console

Security & Vulnerability Disclosure

Security is core to Agent-Fabric. If you believe you have found a vulnerability, we want to hear from you and we will work with you in good faith to resolve it.

Report to
security@falconoon.com
Response
We acknowledge reports within 3 business days.
Scope
agent-fabric.falconoon.com, app.falconoon.com, api.falconoon.com, the falcon CLI, and the Agent-Fabric service.

How to report

Email security@falconoon.com with:

If you need to share sensitive details, ask us for a secure channel in your first message.

Our commitments

Responsible disclosure guidelines

To keep users safe, please:

Out of scope

Reports that are typically not actionable on their own include: missing best-practice headers without a demonstrated exploit, rate-limiting on non-sensitive endpoints, social engineering, physical attacks, and vulnerabilities in third-party services we do not control. When in doubt, report it — we would rather hear from you.

Safe harbor

If you make a good-faith effort to comply with this policy during your research, we will consider your research authorized, will work with you to understand and resolve the issue quickly, and will not recommend or pursue legal action against you. This policy does not authorize actions that violate applicable law.

For how we handle your personal information, see the Privacy Policy. Product releases are signed; verification steps are in the docs.