Skip to content

Security: VapiAI/vapi-labs

SECURITY.md

Security Policy

This is a showcase repository of demo projects — please read this before reporting.

Reporting a leaked credential

If you find a real API key, token, or credential committed anywhere in this repo (including old commits/history):

  1. Do not open a public issue.
  2. email security@vapi.ai.
  3. We'll rotate/revoke the credential and scrub history.

Reporting other security issues

email security@vapi.ai

What's out of scope

This repo is explicitly experimental, demo code and may not always follow production best practices. This is expected. If in doubt, report it.

Vapi platform vulnerabilities

Vulnerabilities in the actual Vapi platform/API (not this demo repo) should also go to security@vapi.ai.

There aren't any published security advisories