securityinvestigations.org / Live Data / Bug Bounty Aggregator

Bug Bounty Aggregator

All the AI-specific bug bounty programs in one place. Get paid for finding vulns. We track payouts, acceptance rates, and response times so you know where to submit.

Active Programs

$245K

Total Max Payouts

73%

Avg Acceptance

12d

Avg Response

Platform:

Min Payout:

OpenAI

Platform: Bugcrowd

Max Payout: $20,000

Acceptance Rate: 85%

Avg Response: 14 Days

In-Scope: ChatGPT, API, Plugins, DALL-E. Prompt injection, auth bypass, data exfil.

Submit Report → Updated 2024-01-15

Anthropic

Platform: HackerOne

Max Payout: $15,000

Acceptance Rate: 92%

Avg Response: 7 Days

In-Scope: Claude API, claude.ai, Constitutional AI bypasses. Fast response team.

Submit Report → Updated 2024-01-18

Google AI

Platform: VRP

Max Payout: $31,337

Acceptance Rate: 45%

Avg Response: 22 Days

In-Scope: Gemini, Bard, Vertex AI, PaLM API. Strict dupe policy — check before submitting.

Submit Report → Updated 2024-01-12

Meta AI

Platform: Direct

Max Payout: $40,000

Acceptance Rate: 38%

Avg Response: 30 Days

In-Scope: Llama models, Meta AI assistant, Ray-Ban AI. High bar for severity.

Submit Report → Updated 2024-01-10

Cohere

Platform: HackerOne

Max Payout: $10,000

Acceptance Rate: 78%

Avg Response: 5 Days

In-Scope: Command R, Embed, Rerank APIs. Super responsive team, good for first-timers.

Submit Report → Updated 2024-01-17

Mistral AI

Platform: Direct

Max Payout: $8,000

Acceptance Rate: 65%

Avg Response: 10 Days

In-Scope: Mistral Large, Le Chat, API endpoints. Based in France, GDPR-focused.

Submit Report → Updated 2024-01-14

Amazon Bedrock

Platform: HackerOne

Max Payout: $25,000

Acceptance Rate: 52%

Avg Response: 18 Days

In-Scope: Bedrock API, Titan models, agent framework. AWS scope rules apply.

Submit Report → Updated 2024-01-11

Microsoft Azure AI

Platform: MSRC

Max Payout: $30,000

Acceptance Rate: 48%

Avg Response: 21 Days

In-Scope: Azure OpenAI, Copilot integrations, Cognitive Services. MSRC bounty rules.

Submit Report → Updated 2024-01-09

Know a program we're missing?

If you know of an AI-specific bug bounty we haven't listed, drop us a line. We verify all programs before adding them.

Submit Program Info

Tips for Submitting

Check for Dupes First

Most programs have dupe rates north of 50%. Search their disclosed reports before submitting. Saves everyone time.

Provide Clear PoC

Include exact prompts, API calls, and expected vs actual behavior. Screenshots are good but reproducible steps are better.

Understand Scope

Some programs only care about safety bypasses. Others want infra vulns too. Read the policy before you start testing.