ai Anthropic says Claude Opus 4.7 has a 92% honesty rate, less sycophancy - Mashable — Anthropic - Claude AI ai Anthropic introduces Claude Design by Anthropic Labs - Yahoo Tech — Anthropic - Claude AI ai Anthropic likely preparing Claude Security for broader release - TestingCatalog — Anthropic - Claude AI ai Curious About Claude? Try These 8 Beginner-Friendly Tasks First - PCMag — Anthropic - Claude AI cybersecurity [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data — The Hacker News cybersecurity Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook — Microsoft Security Blog ai Anthropic Launches Claude Design for Visual Prototyping and Presentations - Unite.AI — Anthropic - Claude AI ai Anthropic delays Claude Mythos release over cybersecurity concerns - Crypto Briefing — Anthropic - Claude AI ai Anthropic is launching an AI design tool for building slides and prototypes - qz.com — Anthropic - Claude AI cybersecurity Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet — The Hacker News ai A new era of AI crime has arrived with Anthropic’s Mythos - MarketWatch — Anthropic - Claude AI ai Anthropic Unveils Experimental AI Design Tool Claude Design - ForkLog — Anthropic - Claude AI cybersecurity Critical flaw in Protobuf library enables JavaScript code execution — BleepingComputer cybersecurity Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks — SecurityWeek ai Google and OpenAI are making a run at Claude's desktop moat, and Anthropic is making it easy - The New Stack — Anthropic - Claude AI
1 / 15
All news ›

Responsible Disclosure Policy

Pro CISO® B.V. — Security Vulnerability Reporting

Report a vulnerability: security@prociso.com
We will acknowledge your report within 2 business days and keep you informed throughout.

Our Commitment

Pro CISO® B.V. takes the security of our systems and customer data seriously. We are ISO/IEC 27001:2022 certified and operate a formal Information Security Management System. Despite our best efforts, vulnerabilities may exist. We welcome responsible disclosure from the security community and commit to working with you transparently and in good faith.

Scope

This policy applies to vulnerabilities discovered in:

  • Our website: prociso.com and subdomains
  • The miniGRC platform: minigrc.prociso.com
  • Any other internet-facing systems operated by Pro CISO® B.V.

This policy does not cover vulnerabilities in third-party services or products we use but do not operate (e.g. Microsoft 365, cloud infrastructure providers).

What We Ask of You

  • Report the vulnerability to us promptly and in good faith at security@prociso.com
  • Give us reasonable time to investigate and remediate before public disclosure (we ask for a minimum of 90 days)
  • Do not access, modify, or delete data belonging to others
  • Do not perform denial-of-service attacks, social engineering, or physical security testing
  • Do not disclose the vulnerability to third parties before we have resolved it

What to Include in Your Report

  • A clear description of the vulnerability and the potential impact
  • The URL, system, or component affected
  • Step-by-step reproduction instructions
  • Any proof-of-concept code or screenshots (where relevant)
  • Your contact details so we can follow up

What We Commit to You

  • Acknowledge receipt of your report within 2 business days
  • Provide a preliminary assessment within 5 business days
  • Keep you informed of progress throughout remediation
  • Not pursue legal action against researchers who act in good faith and within this policy
  • Credit you publicly for the discovery (if you wish)

Out of Scope

The following are explicitly out of scope and should not be tested:

  • Denial-of-service or volumetric attacks of any kind
  • Automated scanning without prior permission
  • Physical security testing
  • Social engineering of Pro CISO® staff or customers
  • Vulnerabilities requiring physical access to a user's device
  • Self-XSS or issues only exploitable by an authenticated admin

Contact

Send all vulnerability reports to:

Pro CISO® B.V. - Security Team
security@prociso.com

For encrypted communication, please request our PGP key in your initial email and we will provide it promptly.