Responsible Disclosure Policy

Last updated: 14 Feb 2025

The security of our systems and user data is DevOpsX's top priority. We deeply value the contributions of security researchers who, acting in good faith, help us identify and address potential vulnerabilities.

Purpose

At DevOpsX, our mission is to simplify, secure, and automate cloud-native infrastructure for enterprises. Protecting the integrity of our platform and the data entrusted to us is critical to that mission.

This Responsible Disclosure Policy establishes a safe and transparent process for security researchers to report vulnerabilities. By working together, we can better protect our users, partners, and the broader ecosystem.

We also encourage collaboration across the industry. If you discover a vulnerability that impacts multiple organizations or providers, please report it separately to each affected entity.

Scope of Systems

This Policy applies to all internet-facing information systems, APIs, services, and websites owned or controlled by DevOpsX, including the devopsx.ai domain and related subdomains (collectively, "Information Systems").

This Policy does not apply to:

  • Systems operated by third parties (including contractors, service providers, or integrations with DevOpsX).
  • Non-production, demo, or sandbox environments not publicly accessible.

For third-party systems, please follow their respective disclosure policies.

Scope of Vulnerabilities

We welcome reports on any technical vulnerabilities that could impact the confidentiality, integrity, or availability of our systems or data, such as:

  • Misconfigurations
  • Authentication or authorization flaws
  • Cross-Site Request Forgery (CSRF)
  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Remote Code Execution (RCE)
  • Directory Traversal
  • Privilege Escalation

Excluded Vulnerabilities

The following issues are out of scope, unless you can demonstrate a clear security impact:

  • Missing security headers without proof-of-concept exploitation
  • TLS/SSL configuration best practices
  • Missing rate limiting, or brute-force attempts, on non-sensitive endpoints
  • Clickjacking on non-sensitive pages
  • Denial of Service (DoS) or volumetric attacks
  • Social engineering, phishing, or vishing
  • Attacks against physical infrastructure
  • Vulnerabilities in third-party services not owned by DevOpsX
  • Publicly disclosed vulnerabilities ("zero-days") within 30 days of their public release

We also welcome reports related to AI safety issues (e.g., jailbreaks, harmful prompt outputs) that may compromise DevOpsX services.

How to Submit a Report

If you discover a potential vulnerability, please email us at: contact@devopsx.ai

Please include:

  • A clear summary of the vulnerability
  • The affected system, service, or URL
  • Steps to reproduce the issue
  • Technical details (e.g., logs, payloads, PoCs, screenshots)
  • Potential impact and any suggested remediation steps

Please submit one vulnerability per report and avoid unnecessary duplication.

Your Responsibilities

When testing and reporting vulnerabilities, you agree to:

  • Act in good faith and within the scope of this Policy
  • Avoid accessing, modifying, or exfiltrating customer or employee data
  • Avoid any activity that could disrupt services or degrade availability
  • Exploit vulnerabilities only to the minimum extent necessary to demonstrate them
  • Not disclose vulnerabilities to third parties or the public until DevOpsX confirms remediation, unless agreed upon in writing
  • Not demand payment or compensation as a condition of disclosure
  • Comply with all applicable laws

Our Commitments to You

When you responsibly report a vulnerability, DevOpsX commits to:

  • Acknowledge receipt of your report within 3 business days
  • Investigate the issue promptly and keep you updated on progress
  • Work with you to validate the vulnerability and address it
  • Not pursue legal action if you act in accordance with this Policy (Safe Harbor)
  • With your consent, provide credit for valid disclosures in public acknowledgments

Safe Harbor

If you comply with this Policy, DevOpsX will not initiate legal action against you for your research and disclosure activities.

To qualify for Safe Harbor, disclosures must be made in good faith and must not involve extortion, data theft, or other malicious behavior.

Changes to this Policy

We may revise this Policy from time to time. Any updates will be posted on this page with a new "Last updated" date. Vulnerabilities reported before updates remain subject to the policy in effect at the time of submission.

Contact Us

Have a vulnerability to report?

contact@devopsx.ai