Avala
Security

Scope

Where to look.

Scope is explicit so you don't waste your time. If a target appears in the "In scope" tables below, a valid vulnerability is eligible for a bounty. If it's in "Out of scope," please don't test it. You can report it anyway, but know it won't be rewarded.

In scope

Core product

  • avala.ai — Mission Control (Flutter web annotation platform)
  • api.avala.ai / server.avala.ai — Django API + MCP endpoint
  • Arcade mobile app (iOS/Android)

Customer-facing web surfaces

  • about.avala.ai — marketing site
  • ir.avala.ai — investor relations (gated)
  • docs.avala.ai — developer docs
  • security.avala.ai — this portal
  • trust.avala.ai — Vanta trust center

Infrastructure

  • Publicly-exposed Avala-owned AWS / Cloudflare surfaces (ALB, S3 buckets with avala-* prefix, Lambda/Worker endpoints)
  • DNS, TLS, and email authentication misconfigurations on Avala-owned domains

SDKs & packages

  • avala (PyPI)
  • @avala-ai/sdk (npm)
  • @avala-ai/mcp-server (npm)

AI / LLM-specific

  • Prompt injection in LLM-powered endpoints
  • MCP server (server/apps/mcp/) authorization bypass or bypass of its SELECT-only restriction
  • Training data or model exfiltration via API
  • Indirect prompt injection via uploaded annotation data

Authentication

  • Auth0 integration flaws in our configuration
  • API key scoping (server/apps/apikey/)
  • JWT validation bugs

Out of scope

These items are not eligible for a bounty. Findings may still be triaged, and we'll fix legitimate issues — but they won't qualify for cash.

  • Third-party services (Auth0, Supabase, Vanta, AWS, Cloudflare, Sentry, Resend, Intercom, Stripe) — report directly to the vendor
  • Non-production environments (dev.alala.ai, *.dev.alala.ai) unless they expose production data
  • Volumetric DoS, rate-limiting concerns without demonstrated impact
  • Social engineering, phishing, physical attacks on Avala staff or offices
  • Spam/abuse reports (account signup, email deliverability, bounce handling)
  • Missing security headers without a working exploit chain
  • Self-XSS without amplification
  • Clickjacking on pages without auth-state-changing actions
  • Open redirects without demonstrable impact
  • CSRF on unauthenticated endpoints
  • Software version disclosure without a known exploit
  • Vulnerabilities in unsupported versions (Mission Control < 1.25, Django < 4.2)
  • Theoretical issues without a working proof of concept
  • Reports generated by automated tools without manual validation

Not sure if something is in scope?

Email security@avala.ai before you start testing, or submit a report and we'll tell you.
