If you discover a security vulnerability in zap1 or any Frontier Compute infrastructure, please report it via Signal:

https://signal.me/#eu/HW4cIbYYnA_S4Hto1Uf5DJUXbdqmBCKbQKxMnXhMoCGFeSR05A9L95XWZz8hHjmK

Do not open a public GitHub issue for security vulnerabilities.

• zap1 reference implementation and attestation engine
• Merkle tree and anchoring logic
• API endpoints at pay.frontiercompute.io
• Verification surfaces (verify page, proof bundles, verify_proof.py)

We aim to acknowledge reports within 48 hours and provide a fix or mitigation within 7 days for critical issues.

We follow a 90-day responsible disclosure window. Reporters will be credited unless they prefer anonymity.