To report a vulnerability, file a private vulnerability report. This report will be privately reviewed by the Agentgateway security team.
Please do not report security vulnerabilities through public GitHub issues. If you aren't sure if an issue is a security vulnerability, it's best to err on the side of caution and report it privately.