New top bounty: Up to $3,000 for Model Format vulnerabilities

Participate

The world’s first bug bounty
platform for AI/ML

huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications, including those powered by Open Source Software (OSS).

*by logging in you agree to ourterms of service

250+ AI/ML repos in scope

Submission process

The story of vulnerability disclosure, from start to finish.

1. Disclose

Researcher finds and submits a vulnerability using our secure form.

2. Validate

We contact the maintainer then reach out again once every 7 days. We allow the maintainer 31 days to respond to the report. If no response is received, we will manually resolve high and critical reports within 14 days.

3. Reward

If a report is determined to be valid by either the maintainer or huntr, the researcher is rewarded a bounty and a CVE is issued. If the maintainer patches the vulnerability, they may award themselves or another team member of their organisation the "fix bounty" and credit for the fix. We will soon support the ability for researchers to submit a patch and claim the fix bounty but this is not supported yet.

4. Publish

By default, all reports go public on day 90 but maintainers may request an extension if needed. Reports marked informational or invalid go public immediately.

See the full guidelines

Start learning