| title | Security Policy | |||
|---|---|---|---|---|
| description | How to report security vulnerabilities in Cactus, the on-device AI inference engine. | |||
| keywords |
|
If you discover a security vulnerability in Cactus, please report it responsibly. Do not open a public GitHub issue for security vulnerabilities.
Instead, please email security@cactuscompute.com with:
- A description of the vulnerability.
- Steps to reproduce the issue.
- The potential impact.
- Any suggested fixes (optional).
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation plan within 7 days.
This policy covers the Cactus inference engine, its SDKs (Python, Swift, Kotlin, Flutter, Rust, React Native), and the official model weights hosted on HuggingFace.
Security fixes are applied to the latest release. We recommend always running the latest version of Cactus.