Responsible Disclosure

Report a Vulnerability

We welcome security research and coordinated disclosure. Please report findings responsibly so we can fix issues quickly.

Send details to security@wingagent.ai. Include steps to reproduce, impact, and any suggested fixes.

We aim to acknowledge reports within 72 hours.

Good-faith research that avoids user data access and service disruption is authorized under this policy.

Authentication and session handling

API routes and web app security

Data exposure or access flaws

Denial of service or traffic flooding

Social engineering or phishing

Third-party services outside our control

Badges reflect providers and platforms used in the WingAgent stack and do not imply certification.

Cloudflare

Vercel

Stripe

Resend

Let's Encrypt