Security
Current public-site posture
This page describes the WordPress theme surface, not a live AI runtime. Hosting, DNS, TLS, headers, backups, and server logs must be verified in the deployed environment.
Current non-capabilities
- No browser-based command execution.
- No local filesystem access.
- No localhost access.
- No hidden agent actions.
- No payments.
- No autonomous runtime decisions.
Still to verify after launch
- HTTPS and HSTS.
- Content Security Policy.
- Backup and access-control process.
- Dependency and plugin inventory.
- Incident response ownership.
Report a vulnerability
Use the responsible disclosure page for security reports. Do not run destructive tests, social engineering, credential attacks, or scanning outside explicit authorization.
Open Responsible Disclosure