From e088575863001249680ae3264d352a92855688a9 Mon Sep 17 00:00:00 2001
From: amareshhebbar <reshama0302@gmail.com>
Date: Sat, 27 Jun 2026 13:46:37 +0530
Subject: [PATCH 1/2] security: add SECURITY.md with vulnerability reporting
 policy

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b771673
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 0.1.x   | ✅        |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in AtomicRAG, please **do not open a public issue**.
+
+Instead, email directly: amareshhebbar@gmail.com
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Suggested fix (if any)
+
+You will receive a response within 48 hours.
+
+## Scope
+
+- Model output hallucination leading to incorrect query decomposition
+- Prompt injection via malicious input questions
+- Unsafe deserialization in JSON output parsing (src/utils.py)
+- Dependency vulnerabilities in requirements.txt

From a61531e16405b2e6fd13916fdce96e4b0e35f169 Mon Sep 17 00:00:00 2001
From: amareshhebbar <reshama0302@gmail.com>
Date: Sat, 27 Jun 2026 13:56:44 +0530
Subject: [PATCH 2/2] docs: update README

Co-authored-by: GVAmaresh <eshama944@gmail.com>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index abbb264..de9a147 100644
--- a/README.md
+++ b/README.md
@@ -233,4 +233,4 @@ AtomicRAG/
 
 ---
 
-*Amaresh Hebbar · [HuggingFace](https://huggingface.co/AmareshHebbar) · [W&B](https://wandb.ai/amareshhebbar)*
\ No newline at end of file
+*Amaresh Hebbar · [HuggingFace](https://huggingface.co/AmareshHebbar) · [W&B](https://wandb.ai/amareshhebbar)*# Team