If you find a flaw, we want to hear it.

The following systems and artefacts are in scope for this programme:

• webwall.ai and all subdomains, including api.webwall.ai and status.webwall.ai
• The AKIRA reasoner, distributed as a Rust crate or container image, for versions released on or after 2026-01-01
• The MAJA server components packaged alongside AKIRA, including the FlatBuffers ingress rings and the enforcement module
• The MCP operator surface (explain, replay, validate-rule, sitemap-diff, etc.) and the kyl policy toolchain
• Signed PROV-O verdict artefacts and the signature verification libraries we publish

To keep researcher time focused on meaningful issues, the following are explicitly out of scope. Reports citing only these classes will be closed as informational:

• Missing security headers on marketing-only pages with no auth surface (CSP, HSTS, X-Frame-Options on static content)
• Rate-limit findings that require more than 10 req/s of traffic against production infrastructure
• Self-XSS, tab-nabbing, clickjacking on pages without sensitive state changes, and UI redressing of marketing CTAs
• Denial-of-service via volumetric attacks, resource exhaustion, or third-party service abuse
• SPF/DKIM/DMARC findings on zones not used for authenticated operator or customer mail
• Issues in third-party software we link to but do not maintain, unless the chain of custody ends at a WebWall-signed artefact

Send your report to security@webwall.ai. We strongly prefer PGP-encrypted mail; our key is published at https://webwall.ai/.well-known/pgp-key.asc and through the keys.openpgp.org keyserver under the same address.

A useful report includes:

• The asset class and version (AKIRA crate version, MAJA build id, kyl ruleset hash, or the exact hostname and timestamp for web issues)
• Reproduction steps, ideally as a minimal script or a PROV-O fragment demonstrating the unexpected verdict
• Your assessment of impact, and — if you know it — the primitive that was violated (positive-security bypass, policy-engine logic flaw, classifier evasion, audit-trail tamper, etc.)
• Whether you need us to contact you through a pseudonymous channel or employer

If a report is materially time-sensitive — active exploitation, a customer currently being attacked, or a pre-disclosure embargo — please mark the subject line [URGENT] and we will page an on-call engineer within the SLA below.

We commit to the following response times, measured from the first reasonable business hour after receipt in Europe/Zurich:

• T + 1 day. Human acknowledgement of receipt and an assigned case reference
• T + 3 days. Initial triage: severity class, in-scope confirmation, and a first technical contact point
• T + 14 days. Remediation plan or a reasoned request for extension with a revised date
• T + 90 days. Default coordinated-disclosure horizon; we expect most critical issues to be fixed much sooner, and will negotiate in good faith on the few that need longer

If you make a good-faith effort to comply with this policy during your research, we will not pursue or support any legal action against you for that research. Specifically:

• We will not initiate civil or criminal claims under the Swiss Criminal Code Art. 143bis, the EU Cybercrime Directive transpositions, or analogous foreign statutes
• We will treat your research as authorised access for the purpose of computer-misuse laws that require such authorisation
• We will publicly defend you against third-party claims that arise solely from good-faith research that followed this policy

Safe harbour does not cover intentional destruction, exfiltration of customer data beyond the minimum needed to demonstrate the issue, social engineering of staff or customers, or testing of physical premises.

A report is inside the programme if the research:

• Stops at the first convincing demonstration of impact and does not pivot deeper into customer infrastructure
• Does not access, copy, or retain personal data that belongs to anyone other than the researcher and test accounts
• Uses test accounts or the public staging environment where available, rather than production tenants that belong to other customers
• Does not use automated scanners that generate more than 20 req/s per host or that probe customer-specific paths
• Refrains from contacting customers, employees, or partners about the finding before our remediation plan is in place

We do not currently run a monetary bounty programme — we are a small team and would rather spend that budget on design-partner engineering. What we do offer:

• Public credit on webwall.ai/security/hall-of-fame with your preferred handle, unless you ask to remain anonymous
• A signed advisory co-authored with you for novel primitives or meaningful severity
• A referral to the responsible-disclosure programmes of downstream consumers where appropriate, with your consent
• A physical, numbered WebWall artefact for reports that materially improve the security posture of the platform or one of its customers

Security mail: security@webwall.ai
Post: X and Me Technology AG, Zurich, Switzerland. We will provide a physical drop-address on request for hardware-based disclosures.