BURP-AI/SECURITY.md

🔐 Security Policy

📬 Reporting a Vulnerability

If you discover a security issue, please report it via:

• GitHub Security Advisory (preferred)

Do not open public issues for vulnerabilities.

---

📌 Scope

In scope:

• Security vulnerabilities in the application or extension
• Data leaks, auth issues, or unsafe request handling
• AI-related issues (prompt injection, misuse, data exposure)

Out of scope:

• Theoretical issues without proof
• Third-party services

---

⚠️ Guidelines

• Provide clear steps to reproduce
• Include proof-of-concept if possible
• Do not publicly disclose before a fix

---

🛡️ Note

This project is intended for ethical and defensive security research only.