{"id":2311459,"date":"2026-02-17T19:23:30","date_gmt":"2026-02-17T19:23:30","guid":{"rendered":"https:\/\/aivaulttech.com\/?page_id=2311459"},"modified":"2026-02-17T19:23:30","modified_gmt":"2026-02-17T19:23:30","slug":"responsible-disclosure-vulnerability-disclosure-policy","status":"publish","type":"page","link":"https:\/\/aivaulttech.com\/da\/responsible-disclosure-vulnerability-disclosure-policy","title":{"rendered":"Responsible Disclosure &#038; Vulnerability Disclosure Policy"},"content":{"rendered":"<p><strong>AI Vault Systems Inc.<\/strong> <br>(opererer i USA og EU via AI Vault Iberia S.L.)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. Form\u00e5l<\/h2>\n\n\n\n<p>AI Vault Systems Inc. (\u201cAI Vault\u201d, \u201cvirksomheden\u201d, \u201cvi\u201d, \u201cvores\u201d) opretholder et koordineret program for offentligg\u00f8relse af s\u00e5rbarheder for at sikre sikkerhed, integritet og modstandsdygtighed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vores AI-datainfrastruktur<\/li>\n\n\n\n<li>Cloud-systemer og API'er<\/li>\n\n\n\n<li>Web- og mobilapplikationer<\/li>\n\n\n\n<li>Smarte kontrakter og blockchain-integrationer<\/li>\n\n\n\n<li>Virdatos (VIRD) \u00f8kosystem af utility-tokens<\/li>\n\n\n\n<li>Token-distribution og bel\u00f8nningsmekanismer<\/li>\n<\/ul>\n\n\n\n<p>Vi st\u00f8tter ansvarlig sikkerhedsforskning og opfordrer til koordineret offentligg\u00f8relse i overensstemmelse med g\u00e6ldende amerikansk lovgivning og EU's Markets in Crypto-Assets Regulation (MiCA).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. Lovgivningsm\u00e6ssig kontekst (EU MiCA &amp; USA)<\/h2>\n\n\n\n<p>AI Vault Systems Inc. er registreret i Delaware (USA) og kan drive virksomhed eller tilbyde tjenester inden for Den Europ\u00e6iske Union.<\/p>\n\n\n\n<p>Hvor det er relevant, udstedes Virdato (VIRD) som en&nbsp;<strong>V\u00e6rkt\u00f8jstoken<\/strong>&nbsp;i henhold til forordning (EU) 2023\/1114 (MiCA).<\/p>\n\n\n\n<p>I overensstemmelse med MiCA-kravene:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>V\u00e6sentlige drifts- eller sikkerhedsh\u00e6ndelser, der p\u00e5virker \u00f8kosystemet for kryptoaktiver, kan kr\u00e6ve anmeldelse til myndighederne.<\/li>\n\n\n\n<li>V\u00e6sentlige cybersikkerhedsh\u00e6ndelser kan kr\u00e6ve offentligg\u00f8relse til kompetente EU-myndigheder.<\/li>\n\n\n\n<li>Sikkerhedssvagheder, der p\u00e5virker tokenholdere, kan kr\u00e6ve gennemsigtig kommunikation.<\/li>\n<\/ul>\n\n\n\n<p>Intet i denne politik begr\u00e6nser obligatoriske lovgivningsm\u00e6ssige rapporteringsforpligtelser i henhold til:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MiCA<\/li>\n\n\n\n<li>GDPR<\/li>\n\n\n\n<li>EU's rammer for cybersikkerhed<\/li>\n\n\n\n<li>Amerikansk f\u00f8deral eller statslig lovgivning<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Omfang<\/h2>\n\n\n\n<p>Denne politik g\u00e6lder for s\u00e5rbarheder, der p\u00e5virker:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A. AI Vault-datainfrastruktur<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI-behandlingssystemer<\/li>\n\n\n\n<li>Skabende bel\u00f8nningssystemer<\/li>\n\n\n\n<li>Pipelines til indl\u00e6sning af data<\/li>\n\n\n\n<li>Backend-tjenester og API'er<\/li>\n\n\n\n<li>Autentificeringssystemer<\/li>\n\n\n\n<li>Databaser<\/li>\n\n\n\n<li>Cloud-infrastruktur<\/li>\n\n\n\n<li>Analysemaskiner<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">B. Virdato (VIRD) Utility Token-\u00f8kosystem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Smarte kontrakter (alle underst\u00f8ttede netv\u00e6rk)<\/li>\n\n\n\n<li>Token-kravlogik<\/li>\n\n\n\n<li>Algoritmer med bel\u00f8nningst\u00e6rskel<\/li>\n\n\n\n<li>Valideringstjenester uden for k\u00e6den<\/li>\n\n\n\n<li>Token-dashboards<\/li>\n\n\n\n<li>Integration af tegneb\u00f8ger<\/li>\n\n\n\n<li>Token-distributionssystemer<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Niveauer for klassificering af h\u00e6ndelser<\/h2>\n\n\n\n<p>Sikkerhedsh\u00e6ndelser klassificeres internt p\u00e5 f\u00f8lgende m\u00e5de:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd34 Kritisk<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Udnyttelse af smart kontrakt muligg\u00f8r token-drain<\/li>\n\n\n\n<li>Uautoriseret pr\u00e6gning eller inflation<\/li>\n\n\n\n<li>Kompromittering af private n\u00f8gler<\/li>\n\n\n\n<li>Masseeksponering af personlige data<\/li>\n\n\n\n<li>Systemisk brud p\u00e5 infrastrukturen<\/li>\n\n\n\n<li>Exploits, der p\u00e5virker token-\u00f8konomien<\/li>\n<\/ul>\n\n\n\n<p>Indsatsm\u00e5l: \u00d8jeblikkelig indd\u00e6mning og n\u00f8dsanering.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udfe0 H\u00f8j<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>S\u00e5rbarheder i forbindelse med eskalering af rettigheder<\/li>\n\n\n\n<li>Omg\u00e5else af autentificeringskontrol<\/li>\n\n\n\n<li>Eksponering af f\u00f8lsomme driftsdata<\/li>\n\n\n\n<li>Betydelig risiko for manipulation af bel\u00f8nning<\/li>\n\n\n\n<li>St\u00f8rre API-udnyttelse<\/li>\n<\/ul>\n\n\n\n<p>M\u00e5l for indsatsen: Fremskyndet afhj\u00e6lpning og potentiel regulatorisk gennemgang.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udfe1 Medium<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Offentligg\u00f8relse af information med begr\u00e6nset effekt<\/li>\n\n\n\n<li>Ikke-kritiske logiske problemer med smartkontrakter<\/li>\n\n\n\n<li>Omg\u00e5else af hastighedsgr\u00e6nse<\/li>\n\n\n\n<li>Mindre fejlberegning af bel\u00f8nning<\/li>\n<\/ul>\n\n\n\n<p>M\u00e5l for respons: Planlagt afhj\u00e6lpning.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udfe2 Lav<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kosmetiske problemer<\/li>\n\n\n\n<li>Fejl, der ikke kan udnyttes<\/li>\n\n\n\n<li>Mindre svagheder i konfigurationen<\/li>\n<\/ul>\n\n\n\n<p>M\u00e5l for respons: Opl\u00f8sning af vedligeholdelsescyklus.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Rapportering af en s\u00e5rbarhed<\/h2>\n\n\n\n<p>Hvis du identificerer en s\u00e5rbarhed, accepterer du at:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Giv os omg\u00e5ende besked p\u00e5:<br><strong><a>security@aivaultsystems.com<\/a><\/strong><\/li>\n\n\n\n<li>S\u00f8rg for det:\n<ul class=\"wp-block-list\">\n<li>Detaljeret beskrivelse<\/li>\n\n\n\n<li>Skridt til at reproducere<\/li>\n\n\n\n<li>Ber\u00f8rte URL'er eller kontraktadresser<\/li>\n\n\n\n<li>Transaktionshashes (hvis relevant)<\/li>\n\n\n\n<li>Proof-of-concept-evidens<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Afst\u00e5 fra:\n<ul class=\"wp-block-list\">\n<li>Adgang til brugerdata<\/li>\n\n\n\n<li>T\u00f8mmer eller g\u00f8r krav p\u00e5 poletter<\/li>\n\n\n\n<li>\u00c6ndring af systemdata<\/li>\n\n\n\n<li>Udf\u00f8relse af denial-of-service-test<\/li>\n\n\n\n<li>Udnyttelse af bel\u00f8nningssystemer<\/li>\n\n\n\n<li>Manipulation af likviditetspuljer<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Giv rimelig tid til afhj\u00e6lpning f\u00f8r offentligg\u00f8relse.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Specifikke regler for smartkontrakter og tokens<\/h2>\n\n\n\n<p>For Virdato-relaterede s\u00e5rbarheder:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Udf\u00f8r ikke token-ekstraktion eller likviditetsdr\u00e6ning<\/li>\n\n\n\n<li>Manipuler ikke bel\u00f8nningst\u00e6rskler<\/li>\n\n\n\n<li>M\u00e5 ikke forstyrre tokenforsyningen<\/li>\n\n\n\n<li>Fors\u00f8g ikke med \u00f8konomisk arbitrage<\/li>\n<\/ul>\n\n\n\n<p>Hvis en s\u00e5rbarhed p\u00e5virker token-indehavere, kr\u00e6ves der koordineret offentligg\u00f8relse f\u00f8r offentlig kommunikation.<\/p>\n\n\n\n<p>Uautoriseret manipulation af token kan udg\u00f8re bedrageri eller markedsmisbrug i henhold til EU- og amerikansk lovgivning.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Sikker havn<\/h2>\n\n\n\n<p>AI Vault vil ikke anl\u00e6gge sag mod forskere, der:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Handle i god tro<\/li>\n\n\n\n<li>Undg\u00e5 kr\u00e6nkelser af privatlivets fred<\/li>\n\n\n\n<li>Undg\u00e5 \u00f8konomisk udnyttelse<\/li>\n\n\n\n<li>Overhold denne politik<\/li>\n<\/ul>\n\n\n\n<p>Safe harbor g\u00e6lder ikke for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Udtr\u00e6kning af tokens<\/li>\n\n\n\n<li>Manipulation af markedet<\/li>\n\n\n\n<li>Indsamling af data<\/li>\n\n\n\n<li>Afbrydelse af service<\/li>\n\n\n\n<li>Fors\u00e6tlig \u00f8konomisk gevinst<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Unders\u00f8gelse og regulatorisk eskalering<\/h2>\n\n\n\n<p>Efter modtagelse af en gyldig rapport vil vi:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bekr\u00e6ft modtagelsen inden for en rimelig tidsramme<\/li>\n\n\n\n<li>Unders\u00f8g og valider resultaterne<\/li>\n\n\n\n<li>Klassific\u00e9r sv\u00e6rhedsgrad<\/li>\n\n\n\n<li>Afhj\u00e6lp bekr\u00e6ftede s\u00e5rbarheder<\/li>\n\n\n\n<li>Eskaler til juridisk og compliance-gennemgang, hvis det er n\u00f8dvendigt<\/li>\n\n\n\n<li>Underret tilsynsmyndigheder, hvis det kr\u00e6ves i henhold til MiCA eller g\u00e6ldende lov<\/li>\n<\/ul>\n\n\n\n<p>Hvis MiCA kr\u00e6ver underretning om en v\u00e6sentlig h\u00e6ndelse, der p\u00e5virker indehavere af kryptoaktiver, forbeholder AI Vault sig ret til straks at underrette de kompetente myndigheder.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Offentligg\u00f8relse af oplysninger<\/h2>\n\n\n\n<p>Forskere m\u00e5 ikke offentligg\u00f8re s\u00e5rbarheder f\u00f8r:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Afhj\u00e6lpning er bekr\u00e6ftet, ELLER<\/li>\n\n\n\n<li>En gensidigt aftalt tidsfrist for offentligg\u00f8relse er overskredet<\/li>\n<\/ul>\n\n\n\n<p>For tidlig offentligg\u00f8relse, der for\u00e5rsager \u00f8konomisk skade, symbolsk forstyrrelse eller lovgivningsm\u00e6ssig eksponering, kan oph\u00e6ve safe harbor-beskyttelsen.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Ingen garanti for \u00f8konomisk bel\u00f8nning<\/h2>\n\n\n\n<p>AI Vault kan efter eget sk\u00f8n anerkende gyldige sikkerhedsoplysninger.<\/p>\n\n\n\n<p>Det g\u00f8r denne politik ikke:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Etabler et dus\u00f8rprogram<\/li>\n\n\n\n<li>Opret kontraktlige forpligtelser<\/li>\n\n\n\n<li>Garanti for \u00f8konomisk kompensation<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Juridisk meddelelse<\/h2>\n\n\n\n<p>Denne politik giver ikke tilladelse:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Uautoriseret systemadgang<\/li>\n\n\n\n<li>Manipulation af tokens<\/li>\n\n\n\n<li>\u00d8konomisk udnyttelse<\/li>\n\n\n\n<li>Omg\u00e5else af tekniske kontroller<\/li>\n\n\n\n<li>Overtr\u00e6delse af EU's eller USA's love om cybersikkerhed<\/li>\n<\/ul>\n\n\n\n<p>Alle tests skal holdes inden for lovlige gr\u00e6nser.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Kontaktoplysninger<\/h2>\n\n\n\n<p>Sikkerhedsrapporter:<br>\u00a0<a>security@aivaultsystems.com<\/a><\/p>\n\n\n\n<p>Virksomhedsenhed:<br>AI Vault Systems Inc.<br>Delaware, USA<\/p>\n\n\n\n<p>EU's operationelle tilstedev\u00e6relse:<br>AI Vault Iberia S.L i Barcelona, Spanien<\/p>","protected":false},"excerpt":{"rendered":"<p>AI Vault Systems Inc. (Operating in the United States and European Union via AI Vault Iberia S.L) 1. Purpose AI Vault Systems Inc. (\u201cAI Vault\u201d, \u201cCompany\u201d, \u201cwe\u201d, \u201cour\u201d) maintains a coordinated vulnerability disclosure program to ensure the security, integrity, and resilience of: We support responsible security research and encourage coordinated disclosure consistent with applicable U.S. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2311459","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/pages\/2311459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/comments?post=2311459"}],"version-history":[{"count":1,"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/pages\/2311459\/revisions"}],"predecessor-version":[{"id":2281459,"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/pages\/2311459\/revisions\/2281459"}],"wp:attachment":[{"href":"https:\/\/aivaulttech.com\/da\/wp-json\/wp\/v2\/media?parent=2311459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}