Bug Bounty Hunters

Help improve our API's security and reliability

AI/ML API Bug Bounty Program

The program is being reworked and is not active as of now. For updates, contact [email protected].

We believe in leveraging the power of the community to enhance the security and reliability of our AI/ML API. Our bug bounty program invites security researchers and enthusiasts to help us identify vulnerabilities and bugs, ensuring that our API continues to serve our users securely and efficiently.

Responsibilities:

  • Thoroughly test our API for security vulnerabilities, bugs, and edge cases
  • Submit detailed bug reports through our designated secure channel
  • Provide proof-of-concept demonstrations for identified issues
  • Maintain confidentiality about found vulnerabilities until they are resolved

Reward Structure:

  • Critical Vulnerabilities: Up to $20,000
    Issues that compromise the core functionality of the AI/ML API, allowing unauthorized access or manipulation of data.
  • High Severity Issues: Up to $2,000
    Issues that could pose significant security risks but do not compromise overall security integrity. Also includes variations of API and Playground abuse.
  • Medium Severity Issues: Up to $500
    Issues with moderate impact, such as minor bugs in the API, that do not have immediate security consequences. Also includes variations of API and Playground abuse.
  • Low Severity Issues: Up to $20
    Bugs or performance issues with little to no security impact.

Exact token reward amounts will be determined based on the potential impact, complexity, and quality of the report.

Scope & Eligibility:

  • In-Scope: Any security vulnerability or bug in the public-facing API endpoints and interactions within the AI/ML API.
  • Out-of-Scope: Any security issues that require physical access, social engineering (phishing, etc.), or exploits involving third-party APIs or libraries (unless they directly affect the API).
  • Submit one vulnerability per report to ensure clarity and focus on each issue.

Do not engage in any of the following activities without prior approval from the team:

  • Any activity that could disrupt service or result in loss of data.
  • Any testing of servers or the infrastructure.
  • Using automated tools to submit reports, unless a specific issue requires such tools and this is clearly documented.

Report submission guidelines:

  1. Provide a clear description of the vulnerability, the steps to reproduce it, and the security impact.
  2. Include a proof-of-concept (PoC) demonstration where applicable.
  3. Ensure the report is detailed enough to allow the security team to verify the issue promptly.
  4. Avoid submitting multiple reports for the same issue or duplicate reports.

Disclosure Policy:

  1. Please refrain from disclosing any vulnerabilities publicly until they have been resolved or explicitly approved for public disclosure by our security team.
  2. We highly encourage participants to keep all details about the vulnerability confidential until a resolution has been implemented.

Response Time SLAs:

  1. First Response Time: Within 2 business days
  2. Time to Bounty Decision: Within 10 business days
  3. Time to Resolution: Varies depending on severity and complexity of the issue

Legal Considerations & Safe Harbor:

By participating in this Bug Bounty Program, you agree that any activities conducted under this program will not be reported to law enforcement, and you will not face legal action for your testing, as long as the activities remain within the scope of the program rules.

We will not initiate legal action against you, but reserve the right to suspend your participation if any rules are violated.

Any activities that violate the privacy or integrity of users, or that could result in service disruption (e.g., DoS testing) are strictly prohibited unless granted explicit permission by our security team.

How to Participate:

  1. Review This Page Thoroughly:
    Please take a moment to read through the security policy, scope, and guidelines on this page to ensure you're familiar with the rules and what to look for while testing.
  2. Test the AI/ML API:
    Once you've reviewed the guidelines, begin testing the AI/ML API for vulnerabilities, bugs, and edge cases.
  3. Submit Your Bug Report:
    If you discover a potential issue, send a detailed report to [email protected] with the subject line "Bug Bounty: <description>". Be sure to include clear steps to reproduce the issue and any relevant proof of concept.
  4. Engage with Our Security Team:
    Our security team will review your submission, and if needed, we’ll reach out for further information to assist with resolution.

Program Updates & Modifications

We reserve the right to modify the Bug Bounty Program rules, reward amounts, or scope at any time. Any changes will be communicated to participants through our official channels.

Your participation helps us ensure that the AI/ML API remains secure, reliable, and effective for everyone. Happy hunting!

For questions and clarifications, please contact our support at [email protected].
