Security Policy
Security is critical for any protocol that orchestrates multiple AI models. This page covers how to report vulnerabilities, the security considerations you should be aware of when deploying ACP, and a production readiness checklist.
Supported Versions
Security patches are only provided for currently supported versions. Upgrade to the latest supported version to receive timely fixes.
| Version | Supported |
|---|---|
| 4.0.x | Yes |
| < 4.0 | No |
Reporting a Vulnerability
Do not open public issues
Never report security vulnerabilities through public GitHub issues, discussions, or pull requests. Use the private reporting channel described below.
How to Report
Send vulnerability reports by email. Include as much detail as possible to help us reproduce and assess the issue.
| Detail | Value |
|---|---|
| Email | security@axiomprotocol.org |
| Expected Response Time | Within 48 hours |
Your report should include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Suggested fix, if you have one
What to Expect
After you submit a report, the process follows a structured timeline:
| Step | Timeline | Description |
|---|---|---|
| 1. Acknowledgment | Within 48 hours | We confirm receipt of your report and assign a tracking ID. |
| 2. Investigation | Days 3-30 | We investigate the vulnerability and provide an estimated timeline for resolution. |
| 3. Fix | During investigation | A fix is developed, reviewed, and tested internally. |
| 4. Disclosure | Day 30 | Coordinated disclosure with the reporter. We work with you on timing. |
| 5. Credit | At disclosure | You are credited in the security advisory, unless you prefer to remain anonymous. |
Security Considerations
The following areas require particular attention when deploying and operating ACP.
API Keys
- Never commit API keys to version control
- The `.env` file is gitignored by default -- use it for local development secrets
- Use environment variables for all secrets in production
- Rotate keys regularly and immediately after any suspected exposure
Worker API Authentication
- Authentication is enforced via the `x-openrouter-key` header
- Rate limiting is enforced at the edge: 100 requests per minute, 10 requests per second burst
- Query text is not logged to protect user privacy
Python Backend
- Run behind a reverse proxy (nginx, Caddy) in production -- never expose the FastAPI server directly
- Enable HTTPS/TLS for all connections
- Set the `ACP_API_KEY` environment variable for API authentication
- Configure firewall rules to restrict access to trusted sources
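The API-key check and the no-query-text logging rule from the two sections above, as an added Python example (not ACP's own code). It reads `ACP_API_KEY` and fails closed when the variable is missing, compares the presented key in constant time, and builds an audit record that carries only the query's length and a truncated digest. The header name `x-acp-api-key` is an assumption: the page names the environment variable but not the header the backend reads.

```python
import hashlib
import hmac
import os

# The header name is an assumption for this example: the page names the
# ACP_API_KEY environment variable but not the header the backend reads it from.
API_KEY_HEADER = "x-acp-api-key"


def load_expected_key(env=None) -> str:
    """Read ACP_API_KEY and fail closed if it is missing or empty.

    Refusing to start without a key means a misconfigured deployment can never
    silently run with authentication switched off.
    """
    env = os.environ if env is None else env
    key = env.get("ACP_API_KEY", "")
    if not key:
        raise RuntimeError("ACP_API_KEY is not set; refusing to serve unauthenticated requests")
    return key


def authenticate(headers: dict, expected_key: str) -> bool:
    """Return True only when the request carries exactly the expected key.

    Header names are lower-cased because HTTP header names are case-insensitive.
    hmac.compare_digest takes the same time whether the first or the last byte
    differs, so response timing leaks nothing about the key.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    presented = lowered.get(API_KEY_HEADER, "")
    if not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_key.encode())


def audit_record(client_ip: str, query: str, authenticated: bool) -> dict:
    """Build a log record that never contains the query text itself.

    Length plus a truncated SHA-256 digest lets you correlate repeated requests
    during an incident investigation without storing what the user asked.
    """
    digest = hashlib.sha256(query.encode()).hexdigest()[:16]
    return {
        "client_ip": client_ip,
        "query_len": len(query),
        "query_sha256_prefix": digest,
        "authenticated": authenticated,
    }


if __name__ == "__main__":
    # Constructed sample run: one correct key, one wrong key.
    os.environ.setdefault("ACP_API_KEY", "example-key-for-this-demo-only-not-real")
    key = load_expected_key()
    accepted = authenticate({"X-ACP-API-Key": key}, key)
    rejected = authenticate({"x-acp-api-key": "wrong"}, key)
    print(accepted, rejected)
    print(audit_record("203.0.113.5", "constructed sample question", accepted))
```

In a FastAPI deployment, `authenticate` would sit inside a dependency that reads `request.headers` and returns 401 on failure; `load_expected_key` belongs in the startup path so the process exits rather than serving unauthenticated when the variable is absent.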
Database Security
- PostgreSQL connections must require authentication
- Use strong passwords with a minimum of 16 characters
- Enable SSL for all database connections
- Perform regular encrypted backups and test restoration
Known Limitations
LLM Output Safety
ACP consensus does not guarantee safe or ethical output. Models can produce harmful content even when consensus is reached. For production deployments, implement content filtering and output validation as an additional layer on top of ACP.
Cost Controls
Consensus queries involve multiple LLM calls across multiple iterations and can become expensive, especially with large models. Set spending limits on your LLM provider account and use smaller models for testing and development.
Denial of Service
Rate limiting is enforced at the Cloudflare edge layer. If you are self-hosting the Python backend, implement additional rate limiting at the reverse proxy or application level to prevent abuse.
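The application-level rate limiting recommended above for self-hosted backends, as an added Python example (not ACP's own code and not the Cloudflare edge configuration). It models the page's edge numbers from the Worker API Authentication section as a per-client token bucket: a burst capacity of 10 and a refill rate of 100 tokens per minute, so a client can fire 10 requests at once but only 100 per minute on average. The injectable clock is there so the limiter can be exercised deterministically.

```python
import time


class FakeClock:
    """Injectable clock so the limiter can be exercised deterministically."""

    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class RateLimiter:
    """Per-client token bucket.

    capacity       : burst size, the number of requests admitted back-to-back.
    refill_per_sec : sustained rate, how fast spent tokens come back.
    Defaults mirror the page's edge limits: 10 per second burst, 100 per minute.
    """

    def __init__(self, capacity: int = 10, refill_per_sec: float = 100 / 60, clock=time.monotonic):
        self.capacity = float(capacity)
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self._buckets: dict[str, list[float]] = {}  # client -> [tokens, last_seen]

    def allow(self, client: str) -> bool:
        """Admit the request if the client's bucket holds a whole token."""
        now = self.clock()
        bucket = self._buckets.setdefault(client, [self.capacity, now])
        tokens, last = bucket
        # Refill proportionally to elapsed time, never above the burst capacity.
        tokens = min(self.capacity, tokens + max(0.0, now - last) * self.refill_per_sec)
        bucket[1] = now
        if tokens >= 1.0:
            bucket[0] = tokens - 1.0
            return True
        bucket[0] = tokens
        return False


if __name__ == "__main__":
    clock = FakeClock()
    limiter = RateLimiter(clock=clock)
    client = "203.0.113.5"  # constructed client address
    print([limiter.allow(client) for _ in range(11)])  # 10 admitted, 11th refused
    clock.advance(60.0)
    print(sum(limiter.allow(client) for _ in range(20)))  # bucket caps at 10, not 100
```

Key the bucket on whatever identifies the caller at your proxy boundary (the source address, or the API key once authenticated); in a multi-process deployment the bucket state would have to move to a shared store, which the page's edge layer already handles for you.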
Production Checklist
Before deploying to production
Verify that every item on this checklist is addressed before exposing ACP to production traffic. Skipping any of these steps may leave your deployment vulnerable.
| Item | Description |
|---|---|
| ACP_API_KEY | Set a strong API key for authentication on all endpoints. |
| HTTPS/TLS | Enable TLS termination at your reverse proxy or load balancer. |
| Database SSL | Configure PostgreSQL to require SSL connections. |
| LLM spending limits | Set spending caps on your OpenRouter, OpenAI, or Anthropic account. |
| Rate limiting | Configure rate limits at the edge and/or reverse proxy layer. |
| Logging and monitoring | Enable structured logging and set up alerts for error spikes. |
| Dependency updates | Establish a regular cadence for updating Python and npm dependencies. |
Environment Variables
The following environment variables control security-related behavior:
Required
```bash
OPENROUTER_API_KEY=sk-or-v1-xxx
```
Recommended
```bash
ACP_API_KEY=xxx
DATABASE_URL=postgresql://...
```
Never hardcode secrets
All secrets should be provided through environment variables or a secrets manager. The .env file is for local development only and must never be committed to version control.
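A startup preflight that checks the Database Security requirements, the Production Checklist items and the environment variables above before the server accepts traffic, as an added Python example (not ACP's own code). The 16-character password minimum and the `sslmode` requirement come from the page; the 32-character minimum for `ACP_API_KEY` and the placeholder word list are assumptions, since the page asks for a "strong" key without defining one.

```python
from urllib.parse import parse_qs, urlparse

MIN_DB_PASSWORD_LEN = 16        # stated on this page under Database Security
MIN_API_KEY_LEN = 32            # assumption: the page says "strong" without a length
PLACEHOLDER_KEYS = {"xxx", "changeme", "password", "secret"}  # assumption
SECURE_SSLMODES = {"require", "verify-ca", "verify-full"}


def check_database_url(url: str) -> list[str]:
    """Return findings for a PostgreSQL URL; an empty list means it passes."""
    if not url:
        return ["DATABASE_URL is not set"]
    findings = []
    parsed = urlparse(url)
    if parsed.scheme not in ("postgresql", "postgres"):
        findings.append(f"DATABASE_URL scheme {parsed.scheme!r} is not postgresql")
    if not (parsed.username and parsed.password):
        findings.append("DATABASE_URL has no username/password: connections must authenticate")
    elif len(parsed.password) < MIN_DB_PASSWORD_LEN:
        findings.append(f"database password is shorter than {MIN_DB_PASSWORD_LEN} characters")
    sslmode = parse_qs(parsed.query).get("sslmode", [""])[0]
    if sslmode not in SECURE_SSLMODES:
        findings.append("DATABASE_URL lacks sslmode=require (or verify-ca/verify-full)")
    return findings


def check_environment(env: dict) -> list[str]:
    """Validate the security-related variables before the server starts serving."""
    findings = []
    if not env.get("OPENROUTER_API_KEY"):
        findings.append("OPENROUTER_API_KEY is required")
    acp_key = env.get("ACP_API_KEY", "")
    if not acp_key:
        findings.append("ACP_API_KEY is not set: every endpoint would be unauthenticated")
    elif len(acp_key) < MIN_API_KEY_LEN or acp_key.lower() in PLACEHOLDER_KEYS:
        findings.append(f"ACP_API_KEY is a placeholder or shorter than {MIN_API_KEY_LEN} characters")
    findings.extend(check_database_url(env.get("DATABASE_URL", "")))
    return findings


if __name__ == "__main__":
    import os
    import sys

    # Run against the real environment; a non-zero exit blocks a bad deployment.
    problems = check_environment(os.environ)
    for problem in problems:
        print("preflight:", problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Wire this into the container entrypoint or the FastAPI startup hook so the process refuses to come up with a placeholder key or an unencrypted database connection, rather than relying on someone remembering the checklist by hand.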