Night Wolves Security Policy

The Night Wolves Security Policy explains how Night Wolves protects users, services, and infrastructure while welcoming responsible disclosure from researchers.

If you find a vulnerability that affects GRAL AI, image generation, sign-in, or the public site, we want a clear report, a reasonable disclosure window, and safe testing that avoids privacy violations or service disruption.

Contact: nightwolvessupport@googlegroups.com

In scope

• https://nightwolves.vercel.app and all paths under this domain.
• Night Wolves web application, APIs, and authentication flows.

Out of scope

• Third-party services not controlled by Night Wolves.
• Physical attacks or social engineering.
• Denial of service (DoS/DDoS) and load testing.

• Provide a clear description of the issue and its potential impact.
• Include reproduction steps, proof of concept, or screenshots if possible.
• Do not access or modify data that does not belong to you.
• Give us a reasonable time window to fix the issue before public disclosure.

We consider good-faith security research as authorized and will not pursue legal action against researchers who follow this policy. Please avoid privacy violations, data destruction, and service disruption.

• Acknowledgment: within 5 business days.
• Initial assessment: within 10 business days.
• Fix timeline: depends on severity and complexity.

• Vulnerability type (e.g., XSS, CSRF, auth bypass).
• Steps to reproduce.
• Impact description.
• Suggested mitigation (if available).

We appreciate the security community. If you would like acknowledgment, include the name or handle you want listed when reporting.

• Vercel Security Overview
• Google OAuth 2.0 Documentation
• OWASP Vulnerability Disclosure Cheat Sheet