Last Updated: February 23, 2026
At Overpath, we consider the security of our systems a top priority. No matter how much effort we put into system security, there can still be vulnerabilities. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.
1. How to Report
Please email your findings to security@overpath.ai.
Include: A detailed description of the vulnerability and steps to reproduce it (e.g., scripts, screenshots, or URL parameters).
Language: Please submit reports in English.
Encryption: For sensitive reports, please zip and password protect the information.
What is In-Scope?
We are primarily interested in vulnerabilities that could lead to unauthorized data access or system compromise:
Infrastructure: Remote Code Execution (RCE), SQL Injection, or Authentication bypass.
AI Security: Prompt injection that leads to unauthorized data exfiltration or access to other users' data.
API: Broken object-level authorization (BOLA) or unauthenticated access to internal endpoints.
Out of Scope
The following are not considered security vulnerabilities under this policy:
AI Behavior: Hallucinations, bias, or the AI being "mean" (please report these as General Feedback instead).
Social Engineering: Phishing attacks against Overpath employees or users.
Volumetric Attacks: DDoS or any testing that disrupts service for others.
Known Public Files: Reports of public robots.txt or similar files.
Our Commitments
If you follow these guidelines, Overpath commits to:
Safe Harbor: We will not pursue legal action or initiate law enforcement investigations against you.
Acknowledgement: We will respond to your report within 3 business days.
Confidentiality: We will handle your report with strict confidentiality and will not share your personal details with third parties without your permission.
Recognition: With your permission, we will publicly acknowledge your contribution in our "Security Hall of Fame" once the issue is resolved.
© 2026 Overpath Ltd. All Rights Reserved.
