Program Scope
0DIN's GenAI Bug Bounty targets security boundaries across models and apps. If you have questions, ask us.
STARTING: $500
MEDIUM: $2,500
HIGH: $5,000
SEVERE: $15,000
App Security Violations
Vulnerabilities in AI-powered applications and agents. These target the app layer — what actions can be coerced through the model.
App violations involve prompt injection that results in unauthorized actions. The key question is: can you achieve arbitrary read, write, or execute through the application? If the vulnerability only affects the model's output (jailbreak), it belongs under Models.
Read Violation
$1,000 – $5,000
Unauthorized data exfiltration through the app. The attacker coerces the application into reading and disclosing data it should not — files, emails, API keys, memory, or user data from other sessions.
Write Violation
$2,500 – $7,500
Unauthorized data modification through the app. The attacker causes the application to write, modify, or delete data — files on disk, database records, configuration, or user content in other accounts.
Execute Violation
$5,000 – $15,000
Unauthorized command or code execution through the app. The attacker achieves arbitrary execution — shell commands, system calls, network requests to attacker-controlled infrastructure, or actions on third-party systems.
In-Scope Apps
Amazon: 1 app
Cursor: 1 app
Google: 2 apps (Prompt Injection: N/A)
Microsoft: 1 app
OpenAI: 1 app
Perplexity: 1 app
Windsurf: 1 app
Questions about scope? Reach out at 0din@mozilla.com