Kakunin is compliance and identity infrastructure — we treat security reports with the highest priority.
Do not open a public GitHub issue for security vulnerabilities.
Email security@kakunin.ai with:
- A description of the issue and its impact
- Steps to reproduce (proof-of-concept if possible)
- Affected component and version/commit
You will receive an acknowledgment within 48 hours and a triage decision within 5 business days.
- We follow coordinated disclosure with a 90-day window from report to public disclosure.
- We will credit reporters in release notes and our security acknowledgments page unless you prefer to remain anonymous.
- Please act in good faith: no data exfiltration, no service disruption, and only test against infrastructure you own. Do not test against the hosted platform (api.kakunin.ai) or other tenants.
In scope: the source code in this repository. The hosted Kakunin platform, its certificate authority, and its infrastructure are a separate track — still report to security@kakunin.ai, and we will route it.