Version 1.0 — March 2026
This policy defines how CLS Security Labs LLC (“CLS Labs”) handles the discovery, documentation, and disclosure of security vulnerabilities found during client engagements, internal research, or third-party reports. This policy applies to all CLS Labs personnel, contractors, and anyone reporting vulnerabilities to CLS Labs.
CLS Labs conducts authorized security assessments of AI systems. During these assessments, we routinely discover vulnerabilities in client models, infrastructure, and configurations. This policy ensures vulnerabilities are handled responsibly, protecting both our clients and the broader AI ecosystem.
CLS Labs classifies all discovered vulnerabilities using the following severity levels:
| Severity | Criteria | Example | Response Timeline |
|---|---|---|---|
| CRITICAL | Exploitable with no user interaction; leads to data breach, system compromise, or safety bypass at scale | System prompt extraction revealing PII; complete jailbreak with harmful output generation; RAG data exfiltration | Client notified within 24 hours of discovery. Interim mitigation recommended within 48 hours. Full remediation guidance within 7 days. |
| HIGH | Exploitable with minimal effort; bypasses primary safety controls or exposes sensitive data | Consistent jailbreak via encoding bypass; agent tool abuse enabling unauthorized actions; output containing credentials | Client notified within 48 hours. Remediation plan within 14 days. Fix verified within 30 days. |
| MEDIUM | Exploitable under specific conditions; partial bypass of safety controls | Identity manipulation in specific contexts; partial system prompt leakage; inconsistent safety responses | Included in assessment report. Remediation within 30–60 days. |
| LOW | Minor issues with limited exploitability or impact | Verbose error messages; model reveals framework version; minor prompt leakage without sensitive content | Included in assessment report. Remediation at client’s discretion. |
All vulnerabilities discovered during authorized assessments are documented in the assessment report and delivered to the client at the conclusion of the engagement. The report includes: vulnerability description, severity classification, proof of concept (sanitized), OWASP/MITRE ATLAS/NIST AI RMF mapping, potential business impact, and specific remediation recommendations.
If a CRITICAL severity vulnerability is discovered during an engagement, CLS Labs will not wait for the full report. The escalation procedure is:
Step 1 (Immediate): Assessor documents the vulnerability with proof of concept and notifies the CLS Labs engagement lead.
Step 2 (Within 4 hours): Engagement lead reviews and confirms the finding.
Step 3 (Within 24 hours): Client’s designated security contact is notified via the secure communication channel established at engagement kickoff.
Step 4 (Within 48 hours): CLS Labs provides an interim mitigation recommendation (e.g., system prompt hardening, temporary input filter, rate limiting).
Step 5 (Within 7 days): CLS Labs delivers a Certified Remediation Pattern (CRP) with full technical remediation guidance.
Critical and high-severity notifications are delivered through: encrypted email (PGP or S/MIME, where the client supports it), secure messaging on the client’s preferred platform (e.g., a dedicated Slack channel), or, for critical findings, a direct phone call to the designated security contact. Notifications are never sent via unencrypted email or public channels.
CLS Labs may discover vulnerabilities that affect widely-used AI models, frameworks, or services during internal research (not specific to any client engagement). In these cases:
4.1 Coordinated Disclosure: CLS Labs will attempt to contact the affected vendor or maintainer before any public disclosure. We will provide a detailed vulnerability report and allow a reasonable remediation period (typically 90 days).
4.2 Disclosure Timeline: If the vendor does not respond within 14 days of initial contact, CLS Labs will make a second contact attempt. If no response is received within 30 days of initial contact, CLS Labs reserves the right to publish a limited advisory (without full exploitation details) once the 90-day remediation period in 4.1 has elapsed.
4.3 Active Exploitation Exception: If CLS Labs becomes aware that a vulnerability is being actively exploited in the wild, the disclosure timeline may be accelerated to protect affected parties. CLS Labs will still attempt to coordinate with the vendor.
4.4 Published Advisories: CLS Labs advisories will be published on clsecuritylabs.com/advisories and will include: advisory ID, affected system/model, severity, description, mitigation recommendations, and timeline. Full exploitation details will only be published after the vendor has had reasonable time to patch.
CLS Labs will never publicly disclose: client names or identifying information without written consent; client system prompts, model configurations, or proprietary data; specific client vulnerability details or breach rates; exploitation techniques for unpatched vulnerabilities (during the coordinated disclosure window); or any information protected by NDA, MSA, or Data Handling Agreement.
If you discover a vulnerability in any CLS Labs product, service, or infrastructure, we encourage responsible reporting:
Email: security@clsecuritylabs.com
PGP Key: Available at clsecuritylabs.com/.well-known/security.txt
Please include: a description of the vulnerability, steps to reproduce, potential impact, and any suggested remediation. CLS Labs will acknowledge receipt within 48 hours, provide a preliminary assessment within 7 business days, and keep the reporter informed of remediation progress.
CLS Labs will not take legal action against individuals who discover and report vulnerabilities in good faith, in accordance with this policy.
All vulnerability data discovered during engagements is handled per the CLS Labs Data Handling Agreement:
Client-specific findings: Encrypted at rest, access-controlled, deleted per the retention schedule (raw data within 30 days post-delivery).
Anonymized patterns: Attack techniques and breach patterns are anonymized and may be used to improve CLS Labs classifiers and tools. No client-identifiable information is retained.
CRP issuance: Certified Remediation Patterns are issued for verified, reproducible vulnerabilities. CRPs contain generalized remediation guidance and do not include client-specific details.
This policy is reviewed annually or when significant changes occur in the threat landscape, regulatory environment, or CLS Labs operations. The current version is always available at this page.
Document Owner: Brandon Arbour, Founder & CEO