Benten Engine is in active pre-release development as of 2026-04. Only the latest commit on main receives security updates. No versioned releases have shipped yet.
Do not open a public GitHub issue for security-sensitive findings.
Email security reports to ben@benten.ai with:
- A description of the vulnerability
- Steps to reproduce (ideally a minimal proof-of-concept)
- Your assessment of impact + severity
- Any disclosure timeline constraints on your side
We aim to acknowledge reports within 72 hours and to land a mitigation or documented workaround within 14 days for critical-severity findings. For lower-severity findings, we will work with you on a mutually-agreed timeline.
Once a fix lands, we will publish:
- A GitHub Security Advisory with the affected commit range + CVE if applicable
- A changelog entry noting the fix
- Credit for the reporter (with permission)
This policy covers the benten-engine repository and its published crates / npm packages. Third-party dependencies are out of scope — report those upstream.
- Findings that require an attacker to already have root / filesystem access to the host machine
- Theoretical issues without a demonstrated exploit path
- Denial-of-service via pathological inputs to the TypeScript DSL on a single trusted process. The substantive threat model has expanded considerably through Phase-3 (Atrium peer-to-peer sync + UCAN delegation chains + multi-device cryptographic attestation; 18 named adversarial fixtures sync-attack-1..18) and Phase-4-Foundation (admin UI v0 + plugin manifest schema with three-layer consent; 12 T-class threat categories per admin-ui-v0-threat-model.md). See docs/SECURITY-POSTURE.md Compromise registry + admin-ui-v0-threat-model.md for the current in-scope surface; this exclusion only covers DSL-input-only DoS on a single trusted process.
- Documented known limitations (see the release notes and changelog entries for the current commit); new findings that sharpen the scope of a known limitation ARE in scope