What this page is
Most AI security vendors run closed Vulnerability Disclosure Programs (VDPs). When a researcher finds a bug, they sign an NDA. The fix ships quietly. The customer never knows their data was exposed for 90 days while a private patch was negotiated.
We don't. aiegis publishes its own audit log within hours of finding a bug.
This page is that log.
2026-04-28 — 14-fix Security Hardening Sweep
Trigger: Internal red-team during scheduled paired-engineer session (Velo + Nel). Found 14 distinct issues across 12 endpoints + 2 anti-patterns.
Time-to-fix: All 14 patched within 4 hours of first finding. Backend re-deployed 6 times during the working day.
Customer impact: Zero. Single-tenant pilot, all findings caught before any external customer was exposed.
| # | Class | Endpoint / Issue | Severity | Fix |
|---|---|---|---|---|
| 1 | dead-man-switch reversal | /api/agents/{id}/release flipped status to ACTIVE then auto-loop reverted to QUARANTINED before customer mac could heartbeat |
HIGH | Patched endpoint to bump last_seen=now() atomically with status flip |
| 2 | unauthenticated info-disclosure | /api/agents/stats returned org-wide counts without auth |
MEDIUM | Depends(require_admin) |
| 3 | unauthenticated cross-agent leak | /api/agents/{id}/activity exposed prompt-injection threats + DOS patterns + customer-internal context |
HIGH | Depends(require_admin) |
| 4 | unauthenticated stale-agent enum | /api/agents/stale enumerated dead/quarantined agents |
MEDIUM | Depends(require_admin) |
| 5 | unauthenticated agent-list | /api/agents/public listed all agents + status |
MEDIUM | Depends(require_admin) |
| 6 | dead-man-switch config disclosure | /api/deadman/config GET leaked timing thresholds (attack-window enumeration) |
MEDIUM | Depends(require_admin) |
| 7 | all-tenant activity leak | /api/activity returned 100 most recent decisions across ALL tenants |
HIGH | Depends(require_admin) |
| 8 | internal codename + path leak | /api/status/full returned "platform": "Project 490" (internal codename) + anchor_dir filesystem path |
HIGH | Depends(require_admin) + codename redacted |
| 9 | operational telemetry leak | /api/integration/health returned per-layer telemetry (queue depth, P95 latency) |
MEDIUM | Depends(require_admin) |
| 10 | scale + test-count leak | /audit returned total scans + threats blocked + internal test count |
MEDIUM | Depends(require_admin) |
| 11 | internal-path disclosure | /api/genesis/anchor returned anchor_dir: /opt/AIEGIS/config/... filesystem path |
MEDIUM | Depends(require_admin) |
| 12 | 200-on-auth-fail | /api/log returned HTTP 200 with {status:"error"} body on bad key — silently looked successful in logs |
MEDIUM | JSONResponse(status_code=401, ...) |
| 13 | 200-on-auth-fail (sibling) | similar pattern at /api/whatever (line 4851) |
MEDIUM | same fix |
| 14 | UI fake-success regression | /agents page rendered fake demo customer data on auth-fail + faked quarantine/release button success |
MEDIUM | Removed demo fallback + replaced with honest "Login required" empty state + error toast |
Industry context
CVE assignments in our category in 2026 so far: - aiegis: 0 CVEs (pre-customer pilot, internal-only) - Microsoft Purview / Azure MCP / Copilot: 7+ CVEs in 6 months - Strac, Nightfall, LayerX, Cyberhaven: 0 published CVEs (closed VDPs)
The 14 issues we patched today are the same class as CVE-2026-32173 (Azure SRE Agent improper auth, CVSS 8.6). Our competitors with closed VDPs likely patched similar issues this week without disclosure. We chose to publish.
Our coordinated VDP commitment
- Detection-to-patch SLA: 24 hours for any finding HIGH or above. Today's 14-fix sweep: 4 hours.
- Public disclosure: within 7 days of patch ship, on this page.
- No NDA required for security researchers. Email [email protected] + we publish your finding (or anonymize per your request).
- Scope: all aiegis.ie endpoints + browser extension + future native binaries.
- Out of scope: social engineering, physical access, customer mac OS-level vulnerabilities.
Why we publish
EU AI Act Article 12 requires logging of AI decisions for traceability. This is the baseline. Our public audit log is a deliberate over-and-above choice — we believe customers buying an AI governance product should be able to verify the governance vendor's own security hygiene.
If you find an issue, email [email protected].
Last updated: 2026-04-28 13:55 IST Next update: on next finding (pre-customer pilot; previously-stated weekly cadence resumes once we exit pre-customer state) Signing key: [public PGP key here once shipped]