Security is a critical priority for the PlumoAI platform.
PlumoAI is designed to run AI Employees inside company infrastructure, which means protecting systems, data, and integrations is essential.
This document explains how to report security vulnerabilities and how the PlumoAI team handles security issues.
Security updates are provided for the latest stable release of PlumoAI.
| Version | Supported |
|---|---|
| Latest Release | β Supported |
| Older Versions | β Limited Support |
| Deprecated Versions | β Not Supported |
Users are encouraged to always run the latest version of the platform.
If you discover a security vulnerability in PlumoAI, please do not create a public GitHub issue.
Instead, report the issue directly to the security team.
π§ Email: support@plumoai.com
Please include the following information:
β’ Description of the vulnerability β’ Steps to reproduce the issue β’ Potential impact β’ Suggested mitigation if available β’ Screenshots or logs if relevant
Responsible disclosure helps protect the entire community.
Once a vulnerability report is received, the PlumoAI team will follow this process.
1οΈβ£ Confirm receipt of the report 2οΈβ£ Investigate and validate the vulnerability 3οΈβ£ Develop and test a fix 4οΈβ£ Release a security update 5οΈβ£ Notify affected users
We aim to respond to vulnerability reports within 72 hours.
Organizations running PlumoAI should follow security best practices.
Recommended practices include:
β Deploy PlumoAI in a secure infrastructure environment β Restrict access to administrative interfaces β Use secure API keys for integrations β Monitor logs and system activity β Keep Docker images updated
These practices help maintain a secure deployment.
PlumoAI deployments typically involve:
Docker containers External integrations through App AI Agents Authorization systems controlling employee actions
Organizations should ensure proper access controls and infrastructure security policies are applied.
AI Employees interact with business systems and external tools.
To maintain safe operations:
β Use proper authorization controls β Limit access to sensitive systems β Monitor actions performed by AI Employees β Apply least privilege access principles
This ensures AI Employees operate safely within company environments.
We appreciate security researchers and community members who help improve the security of PlumoAI.
Responsible disclosure helps ensure vulnerabilities are resolved quickly while protecting users.
Please allow the PlumoAI team time to investigate and fix issues before publicly disclosing vulnerabilities.
For security concerns or vulnerability reports:
π§ support@plumoai.com
PlumoAI is committed to building secure infrastructure for Autonomous AI Employees.