If you discover a security vulnerability within NobodyWho, please follow these steps:
- DO NOT disclose the vulnerability publicly
- Send a direct message to the maintainers through:
  - Discord: Join our Discord server and message an admin
  - Matrix: Contact us on Matrix
  - Email: services@artificialmind.ai
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt of your report within 72 hours and will send you regular updates about our progress.
NobodyWho runs LLMs locally on your machine. While this eliminates many traditional security concerns associated with cloud-based AI services, please be aware of:
- Model file integrity - Only download models from trusted sources
- Input validation - Be cautious with user input that gets passed to the LLM
- Output safety - LLM outputs should be treated as untrusted content
We kindly ask you to:
- Give us reasonable time to fix the issue before disclosing it
- Make a good faith effort to avoid privacy violations, data destruction, and service interruption
- Not exploit the vulnerability beyond what is necessary to demonstrate the issue