We welcome reports from security researchers. This page tells you how to reach us and what to expect.
Email security@omniguardlabs.com (also listed in our security.txt). Include a clear description, affected asset/URL, reproduction steps, and — in the OmniGuard spirit — a proof of impact where possible. Encrypt sensitive details on request.
OmniGuard Labs web properties and the OmniAudit platform. Please do not test against third-party services, other customers, or production data you do not own.
Act in good faith, avoid privacy violations and service disruption, do not exfiltrate data beyond what is needed to demonstrate a finding, and give us reasonable time to remediate before any public disclosure. We will not pursue researchers who follow this policy.
We acknowledge reports promptly, keep you updated on remediation, and credit researchers who wish to be named once a fix ships.
Ask you for private keys, seed phrases, passwords, or funds. Any message doing so is not from us. We
reply only from a verified @omniguardlabs.com address (DMARC-protected).