Clár Luach Saothair Fhabhtanna

Alínithe le MiCA | Creat Rialachais Chorparáidigh Delaware

Dáta Éifeachtach: 17 Feabhra 2026
Nuashonraithe go deireanach: 17 Feabhra 2026

Responsible Disclosure & Bug Bounty Program

AI Vault Systems Inc. (“AI Vault,” “Company,” “we,” “us,” or “our”) is committed to maintaining strong cybersecurity controls, operational resilience, and integrity across its digital infrastructure and the Virdato (VIRD) utility token ecosystem.

This Responsible Disclosure Program establishes an authorized channel for coordinated vulnerability disclosure and defines eligibility criteria for discretionary recognition and rewards.

Tá an clár seo struchtúrtha chun teacht le:

  • Prionsabail na Frithsheasmhachta Oibríochtúla Digití de chuid an AE
  • Markets in Crypto-Assets (MiCA) operational risk expectations
  • Riachtanais chosanta sonraí an RGCS
  • U.S. cybersecurity best practices
  • Caighdeáin rialachais chorparáidigh Delaware

1. Cuspóir

The purpose of this program is to:

  • Encourage responsible security research
  • Identify vulnerabilities before malicious exploitation
  • Strengthen platform integrity and user trust
  • Support operational resilience in a regulated digital asset environment

2. Scóip

A. Bonneagar

  • Feidhmchláir ghréasáin táirgthe
  • Backend services and microservices
  • Authentication & identity systems
  • Píblínte próiseála sonraí
  • Timpeallachtaí óstála néil
  • CI/CD and deployment logic

B. APIanna

  • Críochphointí API poiblí agus príobháideacha
  • Access control logic
  • Rialuithe teorannaithe rátaí
  • Reward calculation engines
  • Signature validation systems

C. Blockchain & Token Systems

  • Conarthaí cliste Virdato (VIRD)
  • Lochas dáilte luach saothair
  • Claim thresholds and vesting controls
  • Gas efficiency logic (where exploitable)
  • On-chain/off-chain synchronization mechanisms

D. Comhtháthuithe

  • Ceanglóirí sparán tríú páirtí
  • Payment processors (where under Company control)
  • Oracle integrations

3. Lasmuigh den Scóip

  • Ionsaithe diúltú seirbhíse gan léiriú go bhfuil slándáil sáraithe
  • Iarrachtaí innealtóireachta sóisialta
  • Tástáil slándála fisiciúla
  • Economic speculation or token price manipulation
  • Third-party services not under Company control
  • Sceitheanna uathoibrithe gan inúsáidteacht fhíoraithe
  • Theoretical vulnerabilities requiring unrealistic threat models

4. Riachtanais um Nochtadh Freagrach

Chun cáiliú faoin gclár seo, ní mór do thaighdeoirí:

  • Submit findings privately to: security@aivaultsystems.com
  • Provide clear reproduction steps
  • Include proof-of-concept evidence
  • Describe technical impact
  • Estimate CVSS v3.1 score where possible
  • Identify affected contracts, endpoints, or components

Researchers must NOT:

  • Exfiltrate user data
  • Exploit vulnerabilities for financial gain
  • Mint tokens or manipulate reward pools
  • Disrupt services beyond minimal proof-of-concept
  • Disclose findings publicly prior to coordinated remediation

5. Calafort Sábháilte

If you act in good faith and strictly within the scope of this policy:

  • AI Vault will not pursue civil litigation
  • The Company will not refer compliant research to law enforcement
  • Security testing conducted under this program is considered authorized

Safe harbor applies only to actions fully compliant with this policy.

6. Severity Classification Framework

Vulnerabilities are assessed using a hybrid evaluation model incorporating:

  • CVSS v3.1 scoring
  • Nochtadh riosca conartha chliste
  • Tionchar eacnamaíoch comhartha
  • Méid nochtadh sonraí
  • Poitéinseal ardaithe pribhléid
  • Regulatory and operational exposure

Severity Levels

Critical (CVSS 9.0–10.0)
  • Cothromú neamhúdaraithe comharthaí
  • Reward pool drain
  • Admin key compromise
  • Authentication bypass with systemic impact
High (CVSS 7.0–8.9)
  • Signature replay
  • Privilege escalation
  • Major reward logic bypass
Medium (CVSS 4.0–6.9)
  • Rate-limit bypass
  • Limited data exposure
  • Non-critical logic flaws
Low (0.1–3.9)
  • Configuration issues
  • Cosmetic API disclosures

7. Bug Bounty Reward Structure (Discretionary)

All rewards are discretionary and based on verified impact.

Droch-thró Indicative Range (USD)
Ríthábhachtach $5,000 – $25,000+
Ard $1,000 – $5,000
Meánach $250 – $1,000
Íseal Aitheantas poiblí

Féadfar luachanna a eisiúint i:

  • USD (aistriú sreinge)
  • EUR (aistriú SEPA)
  • VIRD utility tokens (Company discretion)

Participation does not create employment, partnership, fiduciary, or contractual rights.

8. Incident Response Timeline

  • Acknowledgment: within 72 hours
  • Initial triage: 3–7 business days
  • Critical remediation: 7–21 days
  • High remediation: 14–30 days
  • Medium/Low remediation: 30–60 days

Timelines may accelerate where systemic or token integrity risk exists.

9. Confidentiality & Coordinated Disclosure

Reports are treated confidentially. Public disclosure may occur only after remediation and coordinated agreement.

10. Regulatory Positioning

This program supports proactive ICT risk mitigation consistent with EU digital operational resilience principles. Nothing herein constitutes regulatory admission, crypto-asset service classification, or financial instrument status.

11. Delaware Corporate Notice

AI Vault Systems Inc. is incorporated in Delaware, United States. This program does not create contractual, employment, or partnership relationships. All disputes are governed by Delaware law unless mandatory EU protections apply.

12. Secure Reporting (PGP)

Researchers are encouraged to encrypt sensitive submissions.

Ríomhphost: security@aivaultsystems.com
Key Type: RSA 4096
Fingerprint: [INSERT FINGERPRINT]

-----BEGIN PGP PUBLIC KEY BLOCK-----
[INSERT PUBLIC KEY HERE]
-----END PGP PUBLIC KEY BLOCK-----