Boundless API
  • Product
  • Models
  • Pricing
  • Status
  • Docs
EN中
Get $5 on signup

Security Disclosure Policy

Boundless API welcomes responsible security research.

Last updated: June 16, 2026
On this page
  1. Reporting a Vulnerability
  2. What to Expect
  3. Scope
  4. Safe Harbor
  5. Recognition
  6. Contact
Live model IDs

Copy exactly — case-sensitive, no spaces. Details →

  • claude-sonnet-4-6
  • claude-opus-4-8
  • claude-opus-4-7
  • claude-haiku-4-5-20251001
  • gpt-5.5
  • gpt-5.4
Full catalog →

Boundless API welcomes responsible security research.


Reporting a Vulnerability

Email security@boundlessapi.com with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Your contact information

Please do not publicly disclose before we have had reasonable time to respond.


What to Expect

Timeline Action
24 hours Acknowledgment of report
72 hours Initial assessment
30 days Target fix for critical issues
90 days Coordinated disclosure (if applicable)

Scope

In scope:

  • api.boundlessapi.com
  • boundlessapi.com and dashboard
  • Authentication and authorization flaws
  • Data exposure vulnerabilities
  • Injection attacks

Out of scope:

  • Social engineering
  • Physical attacks
  • Denial of service attacks
  • Issues in third-party services (report to provider)
  • Bugs in upstream model providers

Safe Harbor

We will not pursue legal action against researchers who:

  • Act in good faith
  • Avoid privacy violations and data destruction
  • Do not access data beyond what is necessary to demonstrate the issue
  • Report promptly and keep findings confidential until resolved

Recognition

We maintain a security acknowledgments page (optional) for researchers who report valid issues. No bounty program at launch — under evaluation.


Contact

security@boundlessapi.com

PGP key: [TBD — publish before launch]

© 2026 Boundless API · Home · Privacy Policy · Terms