From 40927d2f75bd928f99155653b90a2762919a3f1c Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 5 Feb 2026 06:12:26 -0700 Subject: [PATCH] Require disclosure of LLM usage in security reports Added requirement to disclose the use of LLMs in security reports. --- .github/SECURITY.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 6f13031b9..1ca84f55f 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -33,6 +33,8 @@ We get a lot of difficult reports that turn out to be invalid. Clear, obvious re First please ensure your report falls within the accepted scope of security bugs (above). +**YOU MUST DISCLOSE THE USE OF LLMs ("AI"), WHETHER FOR DISCOVERING SECURITY BUGS OR WRITING THE REPORT.** Even if you are using AI as part of writing the report or its replies, we require you to mention the extent of it. + We'll need enough information to verify the bug and make a patch. To speed things up, please include: - Most minimal possible config (without redactions!)
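Review bot: In the added paragraph of .github/SECURITY.md, "we require you to mention the extent of it" does not say what an acceptable disclosure contains, so reporters will satisfy it inconsistently. Consider listing what to state, for example which parts of the report were LLM-generated (the finding, the proof of concept, the write-up) and whether the reporter reproduced the bug themselves. That also ties in with the context line above about reports that turn out to be invalid. The scope is also stated twice with different coverage: the bold sentence names discovering bugs and writing the report, while the following sentence adds "its replies". Folding replies into the bold requirement would state the rule once. Finally, the text says "MUST" but not what happens to a report that omits the disclosure; one sentence on the consequence would make the requirement enforceable.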