Security: CiphersLab/pilotbot

SECURITY.md

Security Policy

If you believe you've found a security issue in PilotBot, please report it privately.

Reporting

  • Email: steipete@gmail.com
  • What to include: reproduction steps, impact assessment, and (if possible) a minimal PoC.

Bug Bounties

PilotBot is a labor of love. There is no bug bounty program and no budget for paid reports. Please still disclose responsibly so we can fix issues quickly. The best way to help the project right now is by sending PRs.

Out of Scope

  • Public Internet Exposure
  • Using PilotBot in ways the docs recommend against
  • Prompt injection attacks

Operational Guidance

For threat model + hardening guidance (including pilotbot security audit --deep and --fix), see:

  • https://docs.pilotbot.ai/gateway/security

Web Interface Safety

PilotBot's web interface is intended for local use only. Do not bind it to the public internet; it is not hardened for public exposure.

Runtime Requirements

Node.js Version

PilotBot requires Node.js 22.12.0 or later (LTS). This version includes important security patches:

  • CVE-2025-59466: async_hooks DoS vulnerability
  • CVE-2026-21636: Permission model bypass vulnerability

Verify your Node.js version:

node --version  # Should be v22.12.0 or later

Docker Security

When running PilotBot in Docker:

  1. The official image runs as a non-root user (node) for reduced attack surface
  2. Use the --read-only flag when possible for additional filesystem protection
  3. Limit container capabilities with --cap-drop=ALL

Example secure Docker run:

docker run --read-only --cap-drop=ALL \
  -v pilotbot-data:/app/data \
  pilotbot/pilotbot:latest
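
The Node.js version requirement and the three Docker items above can be checked by a script rather than by eye. The following is an added example, not part of PilotBot or its documentation; the function names are hypothetical and NAME is a placeholder for your container. It assumes `docker inspect` prints the capability list as `[ALL]`.

```shell
#!/bin/sh
# Added example: preflight checks for the runtime requirements on this page.
MIN_NODE="22.12.0"   # minimum Node.js version stated above

# version_at_least HAVE WANT -> 0 if HAVE >= WANT, 1 if older, 2 if unparsable.
# Fields are compared numerically: a string compare ranks v22.9.0 above v22.12.0.
version_at_least() {
  have=${1#v}; want=${2#v}
  for v in "$have" "$want"; do
    case "$v" in
      *[!0-9.]*|.*|*.|*..*|*.*.*.*) return 2 ;;  # pre-release tag, empty field, junk
      *.*.*) ;;                                  # exactly three numeric fields
      *) return 2 ;;
    esac
  done
  old_ifs=$IFS; IFS=.
  set -- $have $want        # split both versions into $1..$6
  IFS=$old_ifs
  [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
  [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
  [ "$3" -ge "$6" ]
}

# container_findings 'READONLY|CAPDROP|USER' -> prints one line per hardening
# item from the Docker list above that is missing; prints nothing if all hold.
# The argument is the output of:
#   docker inspect -f '{{.HostConfig.ReadonlyRootfs}}|{{.HostConfig.CapDrop}}|{{.Config.User}}' NAME
container_findings() {
  ro=${1%%|*}; rest=${1#*|}; caps=${rest%%|*}; user=${rest#*|}
  [ "$ro" = "true" ] || echo "root filesystem is writable: add --read-only"
  case "$caps" in
    *ALL*|*all*) ;;
    *) echo "capabilities not dropped: add --cap-drop=ALL" ;;
  esac
  case "$user" in
    ''|root|0|root:*|0:*) echo "container runs as root: use the image's node user" ;;
  esac
}

# preflight: fail when the local Node.js is missing, unparsable or too old.
preflight() {
  version_at_least "$(node --version 2>/dev/null)" "$MIN_NODE" ||
    { echo "Node.js $MIN_NODE or later is required" >&2; return 1; }
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```
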

Security Scanning

This project uses detect-secrets for automated secret detection in CI/CD. See .detect-secrets.cfg for configuration and .secrets.baseline for the baseline.

Run locally:

pip install detect-secrets==1.5.0
detect-secrets scan --baseline .secrets.baseline

There aren’t any published security advisories