Vulnerability Disclosure Policy

This Vulnerability Disclosure Policy outlines the processes for reporting vulnerabilities, including those that may affect our sensitive data and intellectual property.

About the Policy


At PathAI, the security and confidentiality of our data and intellectual property are of paramount importance. We are responsible for safeguarding not only Protected Health Information (PHI) and Personally Identifiable Information (PII), but also our proprietary technologies, including machine learning models and other intellectual property (IP). To maintain high standards of security and compliance, we welcome responsible vulnerability disclosures from security researchers, partners, and the general public.

PathAI believes effective disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between PathAI and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of PathAI customers, products, and services.

This Vulnerability Disclosure Policy outlines the processes for reporting vulnerabilities, including those that may affect our sensitive data and intellectual property. This policy applies to all systems, technologies, and intellectual property owned, operated, or maintained by PathAI.

PathAI accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers, and consultants. PathAI defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability, or confidentiality of our products and services.
  • We will respond to vulnerability reports promptly.
  • We will not take legal action against those who report vulnerabilities in good faith and in accordance with this policy
  • We will work with researchers to validate, address, and remediate vulnerabilities in a timely manner.
  • We will protect the confidentiality of sensitive data (PHI, PII) and intellectual property during the reporting and remediation process.
  • We will acknowledge the efforts of researchers, subject to legal and policy constraints.