Tukun.ai A Semantic-first Data Agent
English
Blog

Security

Security Reporting

Last updated: May 9, 2026

If you believe you found a security issue in Tukun.ai, please report it to us privately so we can investigate and fix it responsibly.

We appreciate clear, reproducible reports that help us understand the impact, affected surface, and steps needed to verify the issue.

1. Contact

Please send security reports to security@tukun.ai.

Use the subject line 'Security report' when possible, and include a way for us to follow up with you.

2. What to include

  • A short description of the issue and why it matters.
  • The affected URL, API route, product surface, or account context.
  • Step-by-step reproduction instructions or a minimal proof of concept.
  • Any timing, browser, device, or environment details that help us reproduce the issue.
  • Your contact details and any disclosure preferences.

3. Please avoid

  • Accessing, modifying, or exfiltrating data that does not belong to you.
  • Denial-of-service activity, destructive testing, or automated traffic that could degrade service for other users.
  • Social engineering, phishing, or attacks against third-party infrastructure.
  • Public disclosure before we have had a reasonable chance to investigate and respond.

4. Scope and response

We review good-faith reports about vulnerabilities affecting Tukun.ai websites, applications, APIs, authentication flows, and account security controls.

We may not respond to reports that are incomplete, non-reproducible, low-signal, or outside the scope of our services.

At this time, Tukun.ai does not operate a public bug bounty program unless we explicitly state otherwise.