Report security issues privately to the maintainers. Do not open public issues containing secrets, exploit details, private datasets, or undisclosed vulnerabilities.

KetQat does not store QPU provider credentials or provide commercial QPU execution workflows. If you find credential exposure, authentication bypass, unsafe file handling, or arbitrary-code execution risk, treat it as security-sensitive.