The Bifrost team takes security issues seriously. We appreciate your efforts to responsibly disclose any vulnerabilities you find.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- GitHub Security Advisories (preferred): Use GitHub's private vulnerability reporting to submit a report directly through the repository.
- Email: Send an email to akshay@getmaxim.ai with the details of the vulnerability.
To help us triage and respond quickly, please include:
- A description of the vulnerability and its potential impact
- Step-by-step instructions to reproduce the issue
- Affected version(s) and component(s) (e.g., `core`, `transports`, `plugins/*`)
- Any relevant configuration or environment details
- Proof-of-concept code, if available
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Updates: We will provide status updates as we investigate, typically within 5 business days.
- Resolution: Once a fix is available, we will coordinate with you on disclosure timing.
- Credit: We are happy to credit reporters in our release notes and security advisories (unless you prefer to remain anonymous).
Security updates are provided for the following versions:
| Module | Version | Supported |
|---|---|---|
| transports | 1.4.x | ✅ |
| core | 1.4.x | ✅ |
| framework | 1.2.x | ✅ |
| plugins/* | current minor version tracks | ✅ |
Only the latest minor release of each supported major version receives security patches. We recommend always running the latest version.
Bifrost is an AI gateway that routes requests to multiple LLM providers. When deploying Bifrost, keep the following in mind:
- API Key Management: Bifrost handles provider API keys. Ensure keys are stored securely and never committed to version control. Use environment variables or a secrets manager.
- Network Exposure: Restrict access to the Bifrost admin interface and API endpoints using firewalls, VPNs, or authentication layers appropriate for your environment.
- TLS: Always use TLS when exposing Bifrost to external networks.
- Access Profiles: Use Bifrost's access profile and virtual key features to enforce least-privilege access to upstream providers.
- Plugin Security: Only use plugins from trusted sources. Plugins execute within the request pipeline and have access to request/response data.
We follow a coordinated disclosure process:
- The reporter submits the vulnerability privately.
- We confirm the issue and develop a fix.
- We release the fix and publish a security advisory.
- The vulnerability details are made public after users have had reasonable time to update (typically 30 days after the fix is released).
We kindly ask that you do not publicly disclose the vulnerability until we have had a chance to address it.
The following are in scope for security reports:
- The Bifrost gateway (core, transports, framework, CLI)
- Official Bifrost plugins (`plugins/` directory)
- The Bifrost Docker image (`maximhq/bifrost`)
- The Bifrost web UI
The following are out of scope:
- Social engineering attacks
- Denial of service attacks that rely purely on volumetric traffic