Bug Bounty & Vulnerability Disclosure

Help us secure the data platform for Physical AI.

Thousands of hours of AV, robotics, and Physical AI training data flow through our systems every week. We pay researchers who find bugs in it. Cash bounties up to $1,500 for findings that merit it, with discretionary bonuses for exceptional chains, plus recognition in our hall of fame.

Submit a report Program details

48-hour acknowledgmentSafe harbor guaranteed90-day coordinated disclosure

Rewards at a glance

What we pay for high-impact findings

Severity	CVSS v3.1	Cash	Also includes
Informational / Low	< 4.0	$25	Swag, CVE credit if applicable
Medium	4.0 – 6.9	$100 – $150	Swag, hall of fame
High	7.0 – 8.9	$250 – $500	Swag, hall of fame
Critical	9.0 – 10.0	$500 – $1,500	Swag, hall of fame
Exceptional chain / broad impact	—	Discretionary bonus	Case-by-case, Avala discretion

Full reward tiers & multipliers

Response SLA

What to expect after you submit.

Initial acknowledgment: Within 48 hours
Severity assessment & triage: Within 5 business days
Status update cadence: Every 7 days until resolved
Fix deployment (critical): Within 72 hours
Fix deployment (high): Within 14 days
Fix deployment (medium/low): Within 30 days
Bounty decision: On fix-deployed or determination of non-applicability
Bounty payment: Within 30 days of decision

Found something?

Submit a report Email security@avala.ai