Code security audit completed by an independent oversight committee
In the AI era, code transparency no longer means publishing source code. Kaitu has established an independent oversight committee to conduct rigorous audits of core code. Audit conclusions are publicly released, protecting every user's security in a more responsible way.
14 April 2026
The oversight committee is composed of independent security experts, free from commercial interests. Audit findings are traceable and reproducible, carrying more authority than arbitrary public disclosure.
Full source code disclosure in the AI era means certain governments can rapidly identify and exploit vulnerabilities. Committee audits strike the optimal balance between transparency and security.
The committee's audit reports are publicly released to all users. No source code review needed — everyone can understand the security conclusions and improvements.
Every major release triggers a committee review, creating a continuous feedback loop — not a one-time disclosure that nobody maintains.
Audit requests must be verified by Kaitu before they can proceed, and applicants must publicly disclose their identity on this website. The following three types of entities are authorised to initiate a formal audit:
A standing body composed of independent security experts that can proactively initiate audits on its own authority, without an additional application. Publication of its audit findings is mandatory.
Operators and enterprise clients who have signed partnership agreements with Kaitu can submit audit requests through the partner channel. Findings are shared within the scope of the agreement.
Third-party organisations holding internationally recognised security certifications (such as ISO 27001, CREST, or OWASP-certified bodies) can initiate specialised audits after credential verification.