Report clearly
Include affected page, reproduction steps, browser/runtime context, and expected impact.
Security reports
Responsible Disclosure
A public route for reporting vulnerabilities, unsafe behavior, data exposure, or governance bypass concerns.
Avoid harm
Do not access, modify, destroy, or exfiltrate data that is not yours.
Scope focus
Website, public interfaces, deployment instructions, and AI governance claims are in scope.
Private handling
Sensitive details should be shared directly with TAHAI Web Services.
Verification
Reports should be reviewed, reproduced where possible, and tracked to resolution.
Credit path
Coordinated disclosure can include public thanks where appropriate.