Skip to content

Security: huynhtrungcsc/memory-augmented-agentic-ai-soc

Security

SECURITY.md

Security Policy

Supported Versions

This is a research prototype. Only the latest commit on main is maintained.

Version Supported
main (latest) Active
Any tagged release As-needed

Reporting a Vulnerability

Do not report security vulnerabilities through public GitHub Issues.

Report via GitHub Security Advisories (repository Security tab → "Report a vulnerability"). This creates a private, encrypted channel.

Please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce (minimal example preferred)
  • Affected component (e.g., app/routes/ingest.py, app/services/llm_client.py)

We aim to acknowledge reports within 72 hours.


Scope

Component Concern
/ingest-log endpoint Authentication bypass, payload injection
LLM context builder (context_builder.py) Prompt injection via crafted log messages
SQLite memory store (sqlite_store.py) SQL injection, path traversal
Decision engine (decision_engine.py) Logic flaws enabling automated block bypass
Environment variable handling Accidental secret exposure

Out of scope: third-party dependency vulnerabilities, issues requiring physical server access.


Security Design Notes

  • LLM isolation: Raw log payloads are never forwarded to the LLM. Only a sanitised prose summary generated by context_builder.py is passed. This is the primary defence against prompt injection.
  • Ingest authentication: Optional SOC_INGEST_TOKEN header enforces API key auth on the ingest endpoint. Disabled by default (development mode); must be enabled in any internet-facing deployment.
  • Rate limiting: Sliding-window rate limiter on the ingest endpoint (INGEST_RATE_LIMIT, default 500 req/min per IP).
  • No outbound data: The system does not send log data to any external service beyond the configured LLM API endpoint. In mock mode (no API key), no outbound connections are made at all.
  • Mock mode is safe by default: Without an API key, the system runs entirely locally using a keyword-heuristic fallback. No data leaves the host.

Production Deployment Warning

This is a research prototype. Before deploying in any environment that handles real security data:

  • Enable SOC_INGEST_TOKEN authentication
  • Place the service behind a reverse proxy with TLS
  • Restrict network access to trusted SIEM/log forwarder IPs only
  • Review the LLM endpoint configuration — ensure log data is only sent to a trusted, compliant provider
  • SQLite is not suitable for multi-instance or high-throughput production use; replace with PostgreSQL
  • Conduct a security review of app/services/context_builder.py for prompt injection resistance in your specific log environment

There aren't any published security advisories