security.txt
security.txt is the RFC 9116 file format for publishing machine-readable vulnerability disclosure contacts, policy links, and related instructions at a predictable web location.
Definition
security.txt is a small text file that tells security researchers how to report vulnerabilities to an organization. RFC 9116, published by the IETF in April 2022 as an Informational RFC, defines the file format as a machine-parsable way for organizations to describe vulnerability disclosure practices.
The standard addresses a simple but stubborn failure mode: a researcher finds a vulnerability, then cannot find the right contact, policy, encryption key, language preference, or disclosure process. For AI systems, that failure can appear around model APIs, agent tools, retrieval services, plugin marketplaces, data portals, and ordinary web infrastructure. A public contact route is not the whole disclosure program, but it is a discoverable front door.
This entry belongs near AI Vulnerability Disclosure, Common Vulnerabilities and Exposures, Stakeholder-Specific Vulnerability Categorization, and AI Agent Sandboxing. It is not an AI-specific standard; it is general web security infrastructure that becomes more important when agents, scanners, and researchers need reliable routing.
How It Works
For web-based services, RFC 9116 says the file belongs under the /.well-known/ path, normally as /.well-known/security.txt. The file must be available over HTTPS and served as text/plain. It consists of field names and values, one field per line, with comments allowed on lines that begin with #.
The required fields are Contact, which gives one or more reporting methods, and Expires, which tells readers when the file's information should no longer be trusted. Other registered fields include Canonical, Encryption, Policy, Acknowledgments, Hiring, and Preferred-Languages. A useful file points researchers to a disclosure policy, a secure reporting channel, and a maintained contact path instead of a stale mailbox.
security.txt is complementary to a vulnerability disclosure policy. CISA's VDP template treats the policy itself as the place to define scope, authorization, prohibited test methods, report content, acknowledgement expectations, anonymous reporting, and public-disclosure timing. The text file should route people to that policy; it should not silently expand what researchers are authorized to test.
Agent Context
Agent-era security makes the file more useful and more delicate. Automated scanners, coding agents, browser agents, and bug-reporting tools can check the same well-known location before deciding where to send findings. That helps vulnerability reports avoid general support queues and social-media escalation.
The governance risk is that automation may treat a discoverable contact as permission to probe. RFC 9116 explicitly warns that the presence or absence of security.txt should not be read as granting or denying permission for security testing. For AI agents, that warning should be implemented as a hard rule: discovery of a contact file can support reporting and routing, not autonomous exploitation.
Limits and Failure Modes
security.txt does not prove that a disclosure program is fair, staffed, safe for researchers, or responsive. A valid file can point to a bad policy, a dead mailbox, or a form that discards evidence. The Expires field helps with staleness, but only if organizations maintain it and tools respect it.
The file can also become an attack surface. Parsers should expect malformed, oversized, hostile, or misleading files. A compromised website can publish false reporting instructions, so sensitive reports should still be routed with care, and organizations should monitor changes to their own file.
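A defensive parser for the format and failure modes described above, written as an added example rather than code from RFC 9116 or any project. The function names, the size and line caps, and the sample input are assumptions. OpenPGP-signed files are not handled, so their armor lines are reported as malformed.

```python
from datetime import datetime, timezone

MAX_BYTES, MAX_LINE = 32 * 1024, 2048  # assumed caps; RFC 9116 sets no size limit
KNOWN = {"acknowledgments", "canonical", "contact", "encryption",
         "expires", "hiring", "policy", "preferred-languages"}
CONTACT_SCHEMES = ("https://", "mailto:", "tel:")

def parse_expires(value):
    """Return the Expires timestamp as an aware datetime, or None if invalid."""
    try:
        dt = datetime.fromisoformat(value.upper().replace("Z", "+00:00"))
    except ValueError:
        return None
    return dt if dt.tzinfo else None

def parse_security_txt(raw, now):
    """Parse an unsigned security.txt body; the result is for routing reports only."""
    if len(raw) > MAX_BYTES:
        return {"fields": {}, "errors": ["file exceeds size cap"], "usable": False}
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return {"fields": {}, "errors": ["not valid UTF-8"], "usable": False}
    fields, errors = {}, []
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not sep or not value or len(line) > MAX_LINE:
            errors.append(f"line {n}: malformed")
        elif name not in KNOWN:
            continue  # unknown fields are ignored, never acted on
        elif value.lower().startswith("http://") or (
                name == "contact" and not value.lower().startswith(CONTACT_SCHEMES)):
            errors.append(f"line {n}: rejected {name} value")
        else:
            fields.setdefault(name, []).append(value)
    expires = fields.get("expires", [])
    when = parse_expires(expires[0]) if len(expires) == 1 else None
    usable = "contact" in fields and when is not None and when > now
    if not usable:
        errors.append("needs a Contact and exactly one unexpired Expires")
    return {"fields": fields, "errors": errors, "usable": usable}

# Constructed sample input, not taken from any real site.
SAMPLE = (b"# constructed\nContact: mailto:security@example.com\n"
          b"Contact: http://example.com/report\nPolicy: https://example.com/vdp\n"
          b"Expires: 2027-01-01T00:00:00Z\nScope: all hosts\n")
NOW = datetime(2026, 6, 25, tzinfo=timezone.utc)
```

Calling `parse_security_txt(SAMPLE, NOW)` keeps the mailto contact and the policy link, rejects the plain-HTTP contact, and drops the unregistered `Scope` line, so nothing in the file can widen what a tool believes it may test.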
Defense Pattern
- Publish both file and policy. Use security.txt for discovery and a VDP page for scope, authorization, testing limits, and disclosure process.
- Keep contacts maintained. Monitor mailboxes, forms, encryption keys, expiration dates, and redirects.
- Name AI surfaces in policy. Say whether model APIs, tools, memory, RAG, uploads, plugins, datasets, and agent workflows are in scope.
- Constrain automation. Let scanners and agents read the file, but require policy checks before active testing.
- Log intake evidence. Preserve report time, channel, affected system, model or service version, and triage decision.
Spiralist Reading
Spiralism reads security.txt as a modest ritual of institutional humility. It says: if you find a flaw, you do not have to guess where the door is. Here is the route into the record.
The file is small, but the norm behind it is large. Systems that invite public dependence should also publish a path for public correction. In an agent-mediated web, even the contact route becomes infrastructure.
Related Pages
- AI Vulnerability Disclosure
- Secure AI System Development
- AI Cybersecurity Collaboration Playbook
- OWASP AI Vulnerability Scoring System
- Common Vulnerabilities and Exposures (CVE)
- Stakeholder-Specific Vulnerability Categorization
- AI Agent Sandboxing
- Web Bot Auth
Sources
- RFC Editor, RFC 9116: A File Format to Aid in Security Vulnerability Disclosure, April 2022.
- IETF Datatracker, RFC 9116 document record, reviewed June 25, 2026.
- CISA, Vulnerability Disclosure Policy Template, reviewed June 25, 2026.