Document Owner: CEO/CTO

Last Updated: October 21, 2025

Review Frequency: Annually

1. Purpose

This document defines Kino AI's approach to identifying, assessing, and remediating security vulnerabilities and threats across our technology stack. Our lean engineering team leverages automated tools and industry best practices to maintain a strong security posture.

2. Scope

This policy applies to:

• Application code and dependencies
• Infrastructure and cloud services (GCP)
• Development workstations and endpoints
• Third-party integrations
• Systems interfacing with customer environments

3. Vulnerability Management Philosophy

As a highly skilled, small engineering team, Kino AI takes a proactive and continuous approach to vulnerability management:

• Automation-first: Leverage automated scanning to identify issues early
• Rapid response: Small team size enables quick decision-making and deployment
• Defense in depth: Multiple layers of security controls
• Collaborative approach: Work closely with customer IT teams for infrastructure security
• Continuous improvement: Learn from each vulnerability and strengthen defenses