# Security Vault

**1 · Purpose**

Security Vault is envisioned as HackAI’s “source of truth.” Once an exploit has been reproduced in the Adversarial Sandbox and the model owner has shipped a fix, the Vault will record that pair permanently. Anyone (developers, regulators, users) can query the Vault to see:

* which model versions were vulnerable,
* who found the exploit,
* when the patch went live, and
* whether the model is still safe to use.

***

**2 · Minimum feature set (first release)**

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXd16dLOEasAGwYoSA9oGTddUxk6NTrNKKriRZVULu0mqoq57LONmsqjCcRKCpsI6b4itHrrqZF8Jp76Ad6DsQBVxBa2Rc7OmC5Wu2IuoLdddldYhnSnBSmE2V2m_3AF_8VlWcIO?key=8dnxn4l7fPuleI7loQGLNg" alt=""><figcaption></figcaption></figure>

All metadata lives on-chain; large artefacts (logs, diffs) stay in off-chain storage referenced by content hash.

***

**3 · Example lifecycle (concept)**

1. Exploit accepted: Bounty Hub releases payout; exploit ID #123 created.
2. Patch uploaded: Model owner submits fix diff; Vault links #123 → patch ID #124.
3. Certification: Vault mints a “Patched” NFT, timestamped on Solana.
4. Deprecation: Old model hash is automatically labeled Unsafe in public registry.
5. Query: Any user or script can call the Vault API to verify a model’s current status.
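
The lifecycle above, combined with the content-hash rule from section 2, as an added Python example that is not HackAI's code or API. The class, field names, the "Unknown" status, the sample timestamp and the use of SHA-256 are assumptions; an in-memory dictionary stands in for the chain, and certification is represented by a registry status rather than a minted NFT.

```python
import hashlib

def content_hash(blob: bytes) -> str:
    # Assumption: SHA-256 hex digest serves as the content hash.
    return hashlib.sha256(blob).hexdigest()

class VaultModel:
    """In-memory stand-in for the on-chain metadata (hypothetical schema)."""

    def __init__(self):
        self.records = {}   # record id -> metadata dict
        self.registry = {}  # model hash -> "Unsafe" | "Patched"

    def accept_exploit(self, exploit_id, model_hash, finder, log_blob):
        # Step 1: only metadata and the hash of the log are recorded.
        self.records[exploit_id] = {
            "kind": "exploit", "model": model_hash, "finder": finder,
            "artefact": content_hash(log_blob), "patch": None}

    def upload_patch(self, patch_id, exploit_id, fixed_hash, diff_blob, patched_at):
        # Steps 2-4: link exploit -> patch, certify the fix, deprecate the old hash.
        exploit = self.records.get(exploit_id)
        if not exploit or exploit["kind"] != "exploit" or exploit["patch"] is not None:
            raise ValueError("exploit record missing or already patched")
        self.records[patch_id] = {
            "kind": "patch", "model": fixed_hash,
            "artefact": content_hash(diff_blob), "patched_at": patched_at}
        exploit["patch"] = patch_id
        self.registry[fixed_hash] = "Patched"
        self.registry[exploit["model"]] = "Unsafe"

    def status(self, model_hash):
        # Step 5: a hash the Vault has never seen is reported as "Unknown".
        return self.registry.get(model_hash, "Unknown")

    def verify_artefact(self, record_id, blob):
        # Off-chain data is trusted only if it hashes to the recorded value.
        return content_hash(blob) == self.records[record_id]["artefact"]

def build_sample():
    # Constructed sample data following the page's #123 -> #124 example.
    vault = VaultModel()
    old = content_hash(b"model-v1 weights")
    new = content_hash(b"model-v2 weights")
    vault.accept_exploit(123, old, "researcher-a", b"sandbox run log")
    vault.upload_patch(124, 123, new, b"fix diff", "2025-01-01T00:00:00Z")
    return vault, old, new
```

A consumer that fetches a log or diff from off-chain storage would call `verify_artefact` before reading it, so a blob that was altered after the record was written is detected instead of trusted.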

***

**4 · Why it matters**

* Permanent memory: No more lost PDF reports or private e-mails; everything is auditable.
* Instant trust signals: Apps and marketplaces can reject unsafe model hashes automatically.
* Regulatory ready: Provides the continuous risk-tracking trail that new AI laws require.

