KABINET AI

Legal · effective January 1, 2026

Responsible Disclosure Program

We take security seriously. If you find a vulnerability, please tell us first — we'll fix it, credit you, and (where the impact warrants) reward you.

Scope

In scope:

  • kabinet-ai.com and all its subdomains.
  • Our public APIs at /api/v1/*.
  • Our official mobile/desktop clients (when released).

Out of scope:

  • Social-engineering attacks against our staff.
  • Physical attacks on our infrastructure.
  • Denial-of-service or volumetric testing.
  • Vulnerabilities in third-party services (please report directly to those vendors).
  • Best-practice findings without demonstrable impact (missing security headers, version disclosure, etc.).

How to report

Email security@kabinet-ai.com. Encrypt sensitive content with our PGP key (fingerprint published at /.well-known/security.txt). Please include:

  • A clear description of the vulnerability and its impact.
  • Steps to reproduce, with screenshots or a proof-of-concept where appropriate.
  • Your name or handle (so we can credit you).

Our commitments

  • We acknowledge every report within 2 business days.
  • We provide a triage decision within 7 business days.
  • We will not pursue legal action against researchers acting in good faith and within this policy.
  • We will credit you publicly (with your permission) once a fix is deployed.

Rewards

We pay bounties for material vulnerabilities at our discretion. Indicative ranges:

  • Critical (account takeover, RCE, data exfiltration): $1,000 – $5,000.
  • High (privilege escalation, SSRF, stored XSS in production): $300 – $1,000.
  • Medium (CSRF on sensitive actions, IDOR with limited blast radius): $100 – $300.
  • Low: hall-of-fame credit.

Hall of fame

With your permission, researchers who help keep Kabinet safe are credited in our public acknowledgements. Email security@kabinet-ai.com with your preferred name and link.

© 2026 Kabinet AI Ltd. All rights reserved.