Avala Security

Rewards

What we pay.

Rewards are set by the surface you hit and the impact you demonstrate. The top of each band is the max — final awards reflect quality, novelty, and demonstrated real-world impact. Multipliers can add up to +50%.

Attack surfaces & max reward

Use this as your map of what to hunt. The examples column shows the kinds of findings that earn the top of each band — we still pay for lower-impact variants at lower amounts.

Surface | Example qualifying findings | Max reward

Mission Control (avala.ai)
Flutter web annotation platform. Customer workspaces, datasets, annotations.
  • Cross-tenant data access
  • Authentication or authorization bypass
  • Account takeover
  • Stored XSS with session or data impact
Max reward: $3,000

API / MCP endpoint (api.avala.ai)
Django REST API + read-only MCP server that AI agents query.
  • Auth bypass or privilege escalation
  • MCP SELECT-only bypass (INSERT / UPDATE / DELETE executed via the MCP surface)
  • SQL injection, command injection, SSRF
  • Unauthenticated access to customer data or PII
Max reward: $5,000

AI / LLM endpoints
LLM-powered features: annotation review, MCP query planning, agent integrations.
  • Prompt injection that exfiltrates customer data
  • Indirect prompt injection via uploaded annotations
  • Training-data or model exfiltration via the API
  • Agent-chain authz bypass (MCP role confusion)
Max reward: $5,000

SDKs & packages
Published npm + PyPI packages that customers run inside their own code:
avala (PyPI), @avala-ai/sdk (npm), @avala-ai/mcp-server (npm)
  • Supply-chain injection (malicious dependency, typosquat we missed)
  • Credential exfiltration from SDK internals
  • RCE in parser / serializer / client
Max reward: $5,000

Mobile app (Arcade)
iOS + Android Flutter app used by annotators in the field.
  • Deep-link hijack with session impact
  • Insecure storage of auth tokens
  • Offline-cache bypass of server-side authz
Max reward: $1,500

Customer-facing web surfaces
about.avala.ai, ir.avala.ai, docs.avala.ai, security.avala.ai, trust.avala.ai.
  • Auth bypass on gated ir.avala.ai documents
  • Stored XSS on security.avala.ai or docs.avala.ai
  • Admin-route exposure on any listed subdomain
Max reward: $1,500

Infrastructure (AWS, Cloudflare, DNS, TLS)
Publicly-exposed Avala-owned cloud surfaces.
  • Subdomain takeover on any *.avala.ai we own
  • Public S3 bucket with customer data (avala-* prefix)
  • Misconfigured Lambda / Worker endpoint returning internal state
  • Certificate or email-auth (SPF/DKIM/DMARC) spoofing primitives
Max reward: $1,500

Authentication (Auth0 integration)
How we wire Auth0, not Auth0 itself (report Auth0 bugs to Auth0).
  • JWT validation bug in our middleware
  • API-key scoping flaw (server/apps/apikey/)
  • Session fixation or session re-use across tenants
Max reward: $3,000

Severity reference

If your finding doesn't map cleanly to one surface, use the CVSS v3.1 tier map below. These are also the bands each surface's max reward is anchored against.

Severity | CVSS v3.1 | Cash
Informational / Low | < 4.0 | $25 – $50
Medium | 4.0 – 6.9 | $100 – $250
High | 7.0 – 8.9 | $500 – $1,500
Critical | 9.0 – 10.0 | $1,500 – $3,000
Exceptional chain / broad impact | (no CVSS range) | Up to $5,000

CVSS calculator: first.org/cvss/calculator/3.1

Multipliers

+25% quality bonus

Clean reproduction steps, clear impact analysis, and suggested remediation included in the initial submission.

+25% novel class

First AI/LLM-specific finding of its kind on our platform, or a new vulnerability class we haven't seen before.

First-to-report

The first valid report for a given issue gets the bounty. Duplicates receive CVE credit but no cash.

Not rewarded

  • Reports using real customer data (even in PoC) — retest against your own test account.
  • Reports that caused service disruption.
  • Reports from individuals located in sanctioned countries (OFAC restrictions).
  • Reports from current Avala employees, contractors, or their immediate family members.

Payment & tax

How we pay

  • Method: PayPal (all researchers, all countries)
  • Timing: within 30 days of the bounty decision
  • Currency: USD unless otherwise agreed

Tax forms

  • US: W-9 required before first payout; 1099-NEC issued if you receive $600+ in a calendar year
  • International: W-8BEN required before first payout
  • Tax forms are uploaded securely through your researcher profile
  • Bounty income is reportable on your own tax return according to your country's rules

Questions about rewards?

Read the FAQ