Security

The Tübingen AI Center strives to offer secure, up-to-date, and user-friendly online platforms. Unfortunately, security vulnerabilities can never be completely ruled out. Given the diversity and fast pace of technological development, they are part of our daily life. If you have discovered a vulnerability, show digital moral courage and help us fix it.

Guidelines for Reporting a Security Vulnerability

If you discover a security vulnerability on one of our platforms, we kindly ask that you follow these guidelines:

  1. Report the Issue: Please send your findings via email to security@tuebingen․ai.
  2. Avoid Exploitation: Do not exploit the vulnerability in any way, such as by downloading, manipulating, or deleting data or uploading unauthorized code.
  3. Maintain Confidentiality: Do not share information about the vulnerability with third parties.
  4. Refrain from Attacks: Do not engage in social engineering (e.g., phishing), DDoS attacks, spam, or any other harmful activities targeting our systems.
  5. No Beg Bounties: We do not address reports that identify purely theoretical vulnerabilities without evidence of an actual threat.
  6. Provide Detailed Information: Include sufficient details in your report to allow us to reproduce and analyze the issue effectively.
  7. Offer a Contact Method: Provide a way for us to contact you personally with any follow-up questions. Anonymous reports will not be considered.
  8. Be Prepared for Follow-Up: Complex vulnerabilities may require further explanations or additional documentation.

Your cooperation is essential to maintaining the security of our platforms. Thank you for your assistance.

Our commitment

  • No Legal Action: We will not involve law enforcement in relation to your security research unless it is clearly criminal in nature. You can be assured that no legal action will be taken against you.
  • Timely Resolution: We will make every effort to address and resolve the reported vulnerability as quickly as possible.
  • Progress Updates: We will keep you informed about the progress of addressing your findings.
  • Policy Compliance: All actions will be carried out in compliance with this security policy.
  • Confidentiality: Your report will be treated with strict confidentiality. Personal data will not be shared with third parties without your consent. The Privacy Policy of the Tübingen AI Center applies.
  • Acknowledgment: With your permission, we would be happy to acknowledge your contribution by name.

Details to Include When Reporting a Security Vulnerability

  • Type of Vulnerability: Specify the nature of the issue.
  • Brief Explanation: Provide a concise description without technical details.
  • Affected Service/System/Device: Identify the impacted service, system, or device.
  • Exploitation Technique: Describe how the vulnerability can be exploited (e.g., remote, local).
  • Authentication Level: Indicate the required access level (e.g., guest, user, admin).
  • User Interaction: State whether user interaction is required (e.g., headless, interactive).
  • Technical Details: Include detailed technical information if possible.
  • Proof of Concept: Share any reproducible example or demonstration.
  • Proposed Solution: Suggest potential fixes or mitigations.
  • Contact Details: Provide your contact information for follow-up queries.
  • Acknowledgment: Indicate whether you consent to being mentioned (under a pseudonym or name) alongside the vulnerability in the Hall of Fame.

Hall of Fame

The experts listed on this page have adhered to the principles of Responsible Disclosure, demonstrating that ethical hackers play an indispensable role in the cyber security ecosystem. We are grateful for their tireless and professional work.

Parth Narula - November 2024

Parth Narula is an expert in network architecture, cybersecurity, and ethical hacking. He discovered and helped to rectify various vulnerabilities.

Yogeswaran M - February 2025

Yogeswaran M is a Cyber Security Engineer, Penetration Tester, and Bug Bounty Hunter. He provides ethical hacking, cloud security, and threat analysis services. He discovered a potential XST security vulnerability.

Hero photo by Xavier Cee on Unsplash.