負責任揭露

範圍內系統

AI-specific vulnerabilities — explicitly encouraged

AI-substrate-specific vulnerabilities are where operator-grade research has the highest impact. The categories below are explicitly in scope and receive priority triage — we want to find these classes of bugs before they reach a customer's production workflow.

• Prompt injection that bypasses approval gates or escalates agent permissions
• Data exfiltration via context manipulation, tool-chaining, or RAG poisoning
• Model jailbreak that produces actions outside the declared workflow scope
• Audit-trail tampering, hash-chain forgery, or evidence-export bypass
• Cross-tenant data leakage in multi-customer deployments (managed cloud shape)
• BYOK key exfiltration or downgrade attacks against customer-supplied encryption

範圍外

• 第三方服務（Firebase、AWS、Stripe、LLM 提供商）
• 針對 JieGou 員工的社交工程攻擊
• 阻斷服務（DoS/DDoS）攻擊
• 物理安全攻擊
• 未經事先核准的自動掃描
• 任何可能降低服務可用性的測試