EverythingOS is designed in alignment with NIST AI RMF 1.0 (GOVERN, MAP, MEASURE, MANAGE) and NIST AI 600-1 (Generative AI Profile). This document covers vulnerability disclosure, known risks, responsible use, and the security controls built into the framework.

Do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via GitHub's Security Advisory system:

1. Go to https://github.com/noisyloop/EverythingOS/security/advisories
2. Click "New draft security advisory"
3. Provide a detailed description, reproduction steps, and impact assessment

Response SLA:

• Acknowledgement within 48 hours
• Initial assessment within 5 business days
• Patch timeline communicated within 10 business days

The following areas carry inherent risk in any multi-agent AI framework. Each is mitigated by controls documented in src/security/.

Agents that accept user-supplied text (Discord, Slack, API inputs) and pass it to LLMs are susceptible to prompt injection. Mitigation: All user input passes through src/security/sanitize.ts before reaching any LLM call.

Agents that gain unintended access to event channels outside their declared scope. Mitigation: EventBus enforces per-agent ACLs declared at registration time. See src/security/agent-auth.ts.

Agents using LLM output to make consequential decisions (trading signals, deployment approvals, robotics commands) may act on fabricated information. Mitigation: High-risk agent tiers require human-in-the-loop approval via ApprovalGateAgent. Output validation is enforced via src/security/content-filter.ts.

User content and agent context sent to external LLM APIs (Anthropic, OpenAI) may contain PII. Mitigation: src/security/sanitize.ts scrubs PII before all outbound LLM calls.

npm dependencies introduce third-party code. Mitigation: Dependencies are pinned in package.json, npm audit runs in CI, and an SBOM is generated on each release.

Unauthenticated agents could inject malicious events. Mitigation: All EventBus publish calls require a valid HMAC agent token issued by the AgentRegistry at registration.

Agents bridging to physical hardware via ROS2 must never accept unvalidated input as motion or actuation commands. Mitigation: All robotics-bound events require HIGH risk tier approval and pass through SafetyMonitor before execution.

EverythingOS is a general-purpose agent framework. Operators are responsible for:

• Complying with the Terms of Service of any LLM provider used (Anthropic, OpenAI, etc.)
• Complying with platform Terms of Service for any integration (Discord, Slack, etc.)
• Ensuring appropriate data privacy controls for the jurisdiction of deployment
• Never deploying HIGH risk tier agents (financial, robotics, system config) without human oversight and tested fallback procedures
• Disclosing bot/agent identity to users in any consumer-facing deployment

This policy is reviewed quarterly. Last updated: February 2026. Framework: NIST AI RMF 1.0, NIST AI 600-1, NIST CSF 2.0