---
title: "Security Research Program"
description: "Report security vulnerabilities and help us build safe and reliable tools"
---

# Security Research Program

At Arcade, security is fundamental to our mission of building safe and reliable tools. We recognize that the security research community plays a valuable role in identifying potential vulnerabilities.

## Scope

Our program covers security issues in:

* Arcade production services and APIs
* Agent authentication and authorization mechanisms
* Data handling and storage systems
* Published open-source components

## What we're looking for

We're interested in reports about:

* Authentication or authorization bypasses
* Data exposure or leakage
* Injection vulnerabilities
* Logic flaws affecting agent behavior
* Issues that could compromise user data or agent integrity

## Reporting process

Please email [security@arcade.dev](mailto:security@arcade.dev) with:

* A clear description of the issue
* Steps to reproduce
* Potential impact assessment
* Any relevant proof-of-concept code (please be responsible)

We'll acknowledge receipt within 72 hours and aim to provide an initial assessment within one week.

## Guidelines

* Please allow us reasonable time to address issues before public disclosure
* Avoid automated scanning that could impact service availability
* Do not access or modify other users' data
* Keep any discovered vulnerabilities confidential until resolved

## Recognition

While we're a small team with limited resources, we appreciate the effort researchers put into improving our security. We'll credit researchers (with permission) in our security updates and may provide modest rewards for significant findings on a case-by-case basis.

For questions about this program, please contact [security@arcade.dev](mailto:security@arcade.dev).