Security
Darkstar treats security, capture denial, auditability, and human authorization as core operating requirements rather than after-market controls.
Darkstar systems are designed for contested environments where RF is denied, hardware may be captured, and every decision must be explainable after the mission. This public page summarizes our website and product security posture at a high level.
Send security reports to [email protected]. Include affected URL or component, reproduction steps, impact, and contact information for follow-up.
Good-faith research that avoids privacy harm, service disruption, data destruction, and unauthorized persistence will be reviewed constructively. Do not test live operational systems without written authorization.
We triage reports, validate impact, prioritize remediation, and coordinate disclosure timing when appropriate. Critical issues affecting safety, authorization, or data exposure receive priority handling.
| Human authorization | Engagement decisions require human authorization; recommendations and evidence traces are separate from final authority. |
|---|---|
| Capture denial | Captured hardware is designed to reveal no model, no mission data, and no coordination keys. |
| Deterministic replay | Mission behavior can be recorded, replayed, branched, diffed, and audited. |
| Enclave boundaries | Operational materials, demos, and procurement data are separated by authorization context and need-to-know access. |
| Website security | Public web properties use security headers, static builds, dependency checks, and minimal data collection. |
Public website channels are not approved for classified, controlled, mission-sensitive, or export-restricted submissions. Contact us first to establish an approved process.
Testing against drones, enclaves, field systems, or simulation infrastructure requires written authorization, scoped rules of engagement, and designated safety contacts.
For vulnerability reports or security coordination, email [email protected].