Found something? Tell us first.

Loom Conductor holds API keys, touches repositories, and answers permission prompts on your behalf. Anything that weakens that deserves a private report and a fast fix.

How to report a vulnerability

The canonical process lives in SECURITY.md in the repository. That document always carries the current reporting channel, and where this page and that file disagree, the file wins.

Please do not open a public issue for a security bug. Use the private channel described in SECURITY.md so a fix can ship before the details circulate. A strong report includes:

  • The Loom version and platform you tested, since macOS, Linux, and Windows builds can differ.
  • Steps to reproduce, or a minimal proof of concept. A report we can replay is a report we can fix.
  • Your read on the impact: what an attacker reaches that they should not, and what it would take to get there.

We read every report, prioritize confirmed issues by severity, and ship fixes in a release as quickly as the problem demands.

Ground rules

Three asks, in good faith.

Report privately

Keep the details between you and the maintainers until a fixed release is out. Public issues and social posts put every user at risk before the patch exists.

Make it reproducible

Loom is open source under Apache-2.0, so you can point at the exact code path. The closer your report gets to a failing case, the faster the fix lands.

Give the fix time

Allow a reasonable window for a release before disclosing. Coordinated disclosure is the norm here, and credit goes to reporters who want it.

What we most want to hear about

Loom makes specific security promises, and reports that break one of them go to the front of the queue:

  • API keys are stored in the OS keychain only. Any path that writes a key to disk or leaks it off the machine is a serious finding.
  • A secret-path deny-list guards reads and writes, and a workspace authorization registry gates every file, git, and shell operation. Bypasses of either are in scope.
  • Outbound Conductor traffic goes through an SSRF-guarded Rust HTTP proxy. Requests that escape the guard are in scope.
  • Auto-accept presses only the safe affirmative on permission prompts. Anything that tricks it into a broader grant matters to us.

Loom ships no telemetry and requires no account beyond your Claude login, so nearly all of the attack surface is the desktop app itself. The security page describes the full architecture, and the source is open for audit.