Most AI security vendors run closed Vulnerability Disclosure Programs (VDPs). When a researcher finds a bug, they sign an NDA. The fix ships quietly. The customer never knows their data was exposed for 90 days while a private patch was negotiated.
We don't. AiEGIS publishes its own audit log within hours of finding a bug.
This page is that log.
Trigger: Internal red-team during scheduled paired-engineer session (Velo + Nel). Found 14 distinct issues across 12 endpoints + 2 anti-patterns.
Time-to-fix: All 14 patched within 4 hours of first finding. Backend re-deployed 6 times during the working day.
Customer impact: Zero. Single-tenant pilot, all findings caught before any external customer was exposed.
| # | Class | Endpoint / Issue | Severity | Fix |
|---|---|---|---|---|
| 1 | dead-man-switch reversal | /api/agents/{id}/release flipped status to ACTIVE then auto-loop reverted to QUARANTINED before customer mac could heartbeat | HIGH | Patched endpoint to bump last_seen=now() atomically with status flip |
| 2 | unauthenticated info-disclosure | /api/agents/stats returned org-wide counts without auth | MEDIUM | Depends(require_admin) |
| 3 | unauthenticated cross-agent leak | /api/agents/{id}/activity exposed prompt-injection threats + DOS patterns + customer-internal context | HIGH | Depends(require_admin) |
| 4 | unauthenticated stale-agent enum | /api/agents/stale enumerated dead/quarantined agents | MEDIUM | Depends(require_admin) |
| 5 | unauthenticated agent-list | /api/agents/public listed all agents + status | MEDIUM | Depends(require_admin) |
| 6 | dead-man-switch config disclosure | /api/deadman/config GET leaked timing thresholds (attack-window enumeration) | MEDIUM | Depends(require_admin) |
| 7 | all-tenant activity leak | /api/activity returned 100 most recent decisions across ALL tenants | HIGH | Depends(require_admin) |
| 8 | internal codename + path leak | /api/status/full returned "platform": "Project 490" (internal codename) + anchor_dir filesystem path | HIGH | Depends(require_admin) + codename redacted |
| 9 | operational telemetry leak | /api/integration/health returned per-layer telemetry (queue depth, P95 latency) | MEDIUM | Depends(require_admin) |
| 10 | scale + test-count leak | /audit returned total scans + threats blocked + internal test count | MEDIUM | Depends(require_admin) |
| 11 | internal-path disclosure | /api/genesis/anchor returned anchor_dir: /opt/aegis/config/... filesystem path | MEDIUM | Depends(require_admin) |
| 12 | 200-on-auth-fail | /api/log returned HTTP 200 with {status:"error"} body on bad key — silently looked successful in logs | MEDIUM | JSONResponse(status_code=401, ...) |
| 13 | 200-on-auth-fail (sibling) | similar pattern at /api/whatever (line 4851) | MEDIUM | same fix |
| 14 | UI fake-success regression | /agents page rendered fake demo customer data on auth-fail + faked quarantine/release button success | MEDIUM | Removed demo fallback + replaced with honest "Login required" empty state + error toast |
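
Finding 1 is easiest to see as a small model of the release endpoint and the dead-man's-switch loop. This is an added example, not AiEGIS code: the `Agent` class, the 60-second timeout and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

ACTIVE, QUARANTINED = "ACTIVE", "QUARANTINED"
HEARTBEAT_TIMEOUT = 60.0  # seconds; assumed value, the page does not state the threshold


@dataclass
class Agent:
    status: str
    last_seen: float  # timestamp of the last heartbeat


def sweep(agent: Agent, now: float) -> None:
    """Dead-man's-switch loop: quarantine any active agent whose heartbeat is stale."""
    if agent.status == ACTIVE and now - agent.last_seen > HEARTBEAT_TIMEOUT:
        agent.status = QUARANTINED


def release_before_fix(agent: Agent, now: float) -> None:
    """Behaviour described in finding 1: only the status is flipped (now is unused)."""
    agent.status = ACTIVE


def release_after_fix(agent: Agent, now: float) -> None:
    """Fix described in finding 1: status and last_seen change in one step."""
    # In a database-backed service this would be a single UPDATE of both columns.
    agent.status, agent.last_seen = ACTIVE, now


def status_after_release(release, sweep_delay: float) -> str:
    """Release a long-quarantined agent, then run one sweep sweep_delay seconds later."""
    now = 10_000.0
    agent = Agent(status=QUARANTINED, last_seen=now - 3600)  # constructed: silent for an hour
    release(agent, now)
    sweep(agent, now + sweep_delay)
    return agent.status


if __name__ == "__main__":
    for fn in (release_before_fix, release_after_fix):
        print(fn.__name__, "->", status_after_release(fn, sweep_delay=1.0))
```

With the fix, the released agent gets a full timeout window to send its first heartbeat, and the switch still quarantines it if none arrives.
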
CVE assignments in our category in 2026 so far:
- AiEGIS: 0 CVEs (pre-customer pilot, internal-only)
- Microsoft Purview / Azure MCP / Copilot: 7+ CVEs in 6 months
- Strac, Nightfall, LayerX, Cyberhaven: 0 published CVEs (closed VDPs)
The 14 issues we patched today are the same class as CVE-2026-32173 (Azure SRE Agent improper auth, CVSS 8.6). Our competitors with closed VDPs likely patched similar issues this week without disclosure. We chose to publish.
EU AI Act Article 12 requires logging of AI decisions for traceability. This is the baseline. Our public audit log is a deliberate over-and-above choice — we believe customers buying an AI governance product should be able to verify the governance vendor's own security hygiene.
If you find an issue, email security@aiegis.ie.
- Last updated: 2026-04-28 13:55 IST
- Next update: 2026-04-29 (weekly cadence regardless of findings)
- Signing key: [public PGP key here once shipped]