Security

AgentSurge uses TLS-protected transport, request validation, anti-abuse controls, and role-appropriate access patterns across production workflows.

We maintain guardrails such as rate limiting and spam traps on public write endpoints to reduce automated abuse.

Core health status is exposed through runtime checks to support transparent operational validation during deployment and maintenance.

We review logs and infrastructure alerts to detect anomalies and keep scanner/waitlist reliability stable.

If you discover a vulnerability, please report it privately with reproduction steps and impact context. We will investigate and remediate in priority order.

Please avoid public disclosure until a fix is available and validated in production.