If you discover a security vulnerability in Chitin Shell, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
Email: security@chitin.id
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Fix timeline: Depends on severity (Critical: 7 days, High: 14 days, Medium: 30 days)
In scope:
- Bypassing process isolation (accessing credentials from the LLM container)
- Policy engine bypass (executing actions without proper verification)
- Output sanitization bypass (secrets leaking through to the LLM)
- Signature forgery or verification bypass
- Rate limiter bypass
- Audit log tampering
Out of scope:
- The LLM producing malicious Intents (this is expected — the Policy Engine catches them)
- Denial of service on the Policy Engine (availability, not security)
- Issues in dependencies (report to the dependency maintainer)
- Social engineering attacks on human approval flow
Supported versions:

| Version | Supported |
|---|---|
| 0.1.x (alpha) | Best effort |
| < 0.1 | Not supported |
Chitin Shell's security model is documented in ARCHITECTURE.md. Key principles:
- Zero-Knowledge Agent: The LLM never has access to credentials
- Intent, Not Action: The LLM produces structured requests, not raw API calls
- Defense in Depth: Multiple independent security layers
- Fail-Closed: Unknown actions default to Tier 3 (human approval required)
We thank the following researchers for responsibly disclosing vulnerabilities:
(None yet — be the first!)