
SECURITY

Security at Agnile.

Agnile works on safety- and security-critical engineering systems. We take vulnerability reporting seriously and welcome responsible disclosure for Agnile-owned websites, applications, and systems.

RESPONSIBLE DISCLOSURE

How to Contact Us

We welcome reports of security vulnerabilities from researchers and engineers. If you believe you have identified a security issue affecting agnile.com or any Agnile Technologies product, please contact us through one of the channels below.

Preferred channel

Contact form

Open the contact form

Mark the topic as “Security” in the message. The same team triages security disclosures and engineering enquiries; we respond within one business day to qualified reports.

For initial contact, a short description of the issue and a severity estimate are sufficient. We'll respond to confirm receipt within 2 business days.

WHAT IS IN SCOPE

Scope of the Disclosure Policy

In Scope

  • agnile.com website and subdomains
  • Agnile-operated KAVACH web services or managed pilot environments, where applicable
  • Authentication and authorization flaws on any Agnile property
  • Data exposure (PII, customer project data, credentials)
  • Server-side vulnerabilities (SSRF, SQL injection, RCE, etc.)
  • Cryptographic implementation issues in Agnile-built systems

Out of Scope

  • Third-party services Agnile uses but does not control (e.g., Vercel, Resend, GitHub, AWS infrastructure-level issues — report those to the respective vendors)
  • Denial-of-service attacks (do not perform)
  • Social engineering of Agnile employees
  • Physical security of Agnile offices
  • Findings from automated scanning tools without demonstrated exploitability
  • Missing security headers where there is no demonstrated attack path
  • Reports based on information in our public blog posts or marketing content

SAFE HARBOR

We Won't Pursue Legal Action Against Good-Faith Researchers

Agnile Technologies will not pursue legal action against security researchers who:

  • Make a good-faith effort to avoid privacy violations, data destruction, and service disruption
  • Only interact with accounts they own or have explicit permission to access
  • Do not exploit a finding beyond what is necessary to demonstrate impact
  • Report the vulnerability privately, before any public disclosure, and allow reasonable time for remediation
  • Do not demand payment as a condition of disclosure

This is not a bug bounty program. We do not offer monetary rewards, but we will acknowledge significant findings in a public security acknowledgments list once the issue is fixed (with researcher permission).

WHAT TO EXPECT

Our Response

  • Initial acknowledgment: within 2 business days
  • Triage and severity assessment: within 5 business days
  • Fix timeline (varies by severity):
    • Critical: targeted for fix within 7 days
    • High: within 30 days
    • Medium: within 90 days
    • Low: next regular release cycle
  • Post-fix disclosure: we will confirm the fix with you and agree on any public disclosure timing

QUICK REFERENCE

Contact Summary

Machine-readable policy
/.well-known/security.txt
