Current pre-release summary · July 9, 2026
No system is perfectly secure. API content must be transmitted to the selected AI provider or aggregator, whose controls and policies are outside WebikAI’s control. BYOK customers remain responsible for provider-side access settings, key rotation, and provider charges. WebikAI does not currently claim SOC 2, ISO 27001, HIPAA, PCI service-provider, FedRAMP, or other independent certification. Do not send regulated or highly sensitive data unless appropriate written terms and controls have been confirmed.
Use unique credentials and MFA where available; limit key distribution; label and cap keys appropriately; select providers whose data terms fit the workload; revoke unused or exposed keys; monitor usage; validate AI output; and report suspicious activity promptly. Never send a provider secret, password, full prompt body, or unnecessary personal data in a support email.
Email [email protected] with a concise description, reproduction steps, impact, and safe contact details. Do not access other customers’ data, disrupt service, exfiltrate secrets, use social engineering, or publish a vulnerability before coordinated resolution. WebikAI does not yet promise a bug bounty; good-faith reports will be triaged.