If you discover a security vulnerability in AccessMind, please report it responsibly:

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Email the maintainers with details of the vulnerability
3. Include steps to reproduce the issue
4. Allow reasonable time for a fix before public disclosure

AccessMind implements several security patterns:

• Human-in-the-Loop Approval: All AI-generated transformations require explicit human approval before export
• Input Validation: File size limits, content type validation, and sanitized inputs
• No Credential Storage: Azure credentials are loaded from environment variables only
• CORS Configuration: Configurable allowed origins (not wildcard in production)
• Audit Trail: All agent actions and human decisions are logged with timestamps
• Demo Mode Isolation: When Azure credentials are absent, the system operates in isolated demo mode with no external API calls

This project was created for the Microsoft Agents League Hackathon 2026. It does not contain any confidential information. All code and data are original or sourced from publicly available WCAG 2.2 guidelines.

See the hackathon disclaimer for additional information.