| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| < 2.0 | ❌ |
If you discover a security vulnerability in APEX-1, please report it responsibly:
- DO NOT open a public GitHub issue for security vulnerabilities
- Report via DM on our Discord server
- Include a detailed description of the vulnerability
- Include steps to reproduce if possible
- We will acknowledge receipt within 48 hours
- We will provide a fix timeline within 7 days
Security concerns for APEX-1 include:
- Model weight tampering or injection
- Checkpoint deserialization vulnerabilities
- Tokenizer exploits (adversarial inputs)
- Training data poisoning vectors
- Inference-time prompt injection
- Denial of service via crafted inputs
We follow a 90-day responsible disclosure policy. We ask that you give us reasonable time to address the vulnerability before public disclosure.