The world’s first bug bounty
platform for AI/ML
huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML open-source apps and libraries and ML model file formats.
240+ AI/ML Programs
Submission process
The story of vulnerability disclosure, from start to finish.
1. Disclose
Researcher finds and submits a vulnerability using our secure form.
2. Validate
We contact the maintainer then reach out again once every 7 days. We allow the maintainer 31 days to respond to the report. If no response is received, we will manually resolve high and critical reports within 14 days.
3. Reward
If the report is determined to be valid by either the maintainer or huntr, the researcher is rewarded a bounty. Open source reports are also awarded a CVE and a fix bounty may be awarded to the maintainer for patching the vulnerability and merging the patch. We will soon support the ability for researchers to submit a patch and claim the fix bounty but this is not supported yet.
4. Publish
All open source vulnerability reports go public on day 90 but maintainers may request an extension if needed. Open source reports marked informational or invalid go public immediately. Reports pertaining to Model File Formats are not disclosed publicly.
See the full guidelines
