At Autoplay.ai, the security and privacy of our users, customers, and systems are top priorities. We greatly appreciate the work of security researchers and welcome reports of potential vulnerabilities through our responsible disclosure process.
If you believe you’ve found a security issue in our products or infrastructure, we encourage you to report it responsibly.
To promote a secure and respectful environment, we ask researchers to:
Report vulnerabilities privately and promptly to our security team.
Avoid data destruction, service disruption, or accessing personal user data.
Do not use social engineering, phishing, spam, or physical attacks.
Allow us a reasonable time to investigate and fix the issue before any public disclosure.
We are committed to responding quickly and keeping you informed throughout the remediation process.
We are currently accepting vulnerability reports for:
All services under *.autoplay.ai
Our public API endpoints
Frontend and backend apps maintained by Autoplay.ai
Out of Scope (for now):
Denial-of-Service (DoS/DDoS) attacks
SPF/DMARC/DNS configuration suggestions
Clickjacking on pages without sensitive actions
Third-party services not operated by Autoplay.ai
Please send your findings to:
Include as much detail as possible to help us triage the issue quickly:
URL or system affected
Vulnerability type
Steps to reproduce
Proof of concept (if available)
Your contact information (optional)
We pledge not to pursue legal action against individuals who:
Engage in good faith security research consistent with this policy
Report vulnerabilities promptly and confidentially
Avoid harming Autoplay.ai users, systems, or data
Your efforts to help keep our platform safe are genuinely appreciated.
