We provide security updates for the latest release only.

Please do not open a public issue for security findings.

Email security@nxtg.ai with:

• Description of the finding
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 5 business days
• Resolution target: Within 30 days for critical findings

We follow coordinated disclosure. We will:

1. Confirm the finding and determine affected versions
2. Develop and test a fix
3. Release the fix and publish a security advisory
4. Credit the reporter (unless anonymity is requested)

We ask that you give us reasonable time to address findings before any public disclosure.