The world’s first bug bounty
platform for AI/ML

huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications, including those powered by Open Source Software (OSS).

*by logging in you agree to ourterms of service

250+ AI/ML repos in scope

Submission process

The story of vulnerability disclosure, from start to finish.

1. Disclose

Researcher finds and submits a vulnerability using our secure form.

2. Validate

We contact the maintainer then reach out again once every 7 days. Maintainer has 45 days to respond to the report. If no response is received, we will manually review reports >7.0 CVSS within 15 days. (eventual addition after feature is in place: Researcher may request a manual review if maintainer labels finding invalid or informational).

3. Reward

If a report is determined to be valid by either the maintainer or huntr, the researcher is rewarded a bounty and a CVE is issued. If the maintainer patches the vulnerability, they are rewarded the patch bounty. The researcher may also submit a patch and, if accepted by the maintainer, will receive the patch bounty in addition to the report bounty.

4. Publish

Reports switch to public after 60 days. Maintainer may request up to 30 days extension to fix. Reports marked informational or invalid are immediately switched to public.

See the full guidelines

Start learning

chatGPT logo

Advanced API Attacks in ChatGPT


MXNet logo

MXNet Unsafe
Pointer Usage


Kubeflow logo

Account Hijacking and Internal Network Attacks in Kubeflow