From 5ff50779ccf1d5698bba48d140b713cff1a09390 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 9 Feb 2026 14:40:41 -0700 Subject: [PATCH] Update LLM disclosure requirements in SECURITY.md Clarified disclosure requirements for LLMs in security reports. --- .github/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 1ca84f55f..5da8fdf30 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -33,7 +33,7 @@ We get a lot of difficult reports that turn out to be invalid. Clear, obvious re First please ensure your report falls within the accepted scope of security bugs (above). -**YOU MUST DISCLOSE THE USE OF LLMs ("AI"), WHETHER FOR DISCOVERING SECURITY BUGS OR WRITING THE REPORT.** Even if you are using AI as part of writing the report or its replies, we require you to mention the extent of it. +**YOU MUST DISCLOSE THE USE OF LLMs ("AI") INVOLVED IN ANY WAY.** Whether you are using AI for discovery, as part of writing the report or its replies, and/or testing or validating proofs and changes, we require you to mention the extent of it. **FAILURE TO INCLUDE A DISCLOSURE MAY LEAD TO IMMEDIATE DISMISSAL OF YOUR REPORT.** We'll need enough information to verify the bug and make a patch. To speed things up, please include: