YAI is an early-stage source-available project. It is not currently offered with production support, a vulnerability bounty, or a response-time SLA.

Useful security reports include issues involving unintended code execution, unsafe file or process access, credential or secret exposure, unsafe local runtime behavior, dependency vulnerabilities, or documentation that could lead users to operate the project outside its stated license and safety posture.

Security contact pending.

Please do not publicly disclose sensitive vulnerabilities before maintainers have had a reasonable chance to review and respond. Include enough detail to reproduce the issue, the affected commit or version if known, and any relevant environment details.