Huntr

Huntr is the world's first bug bounty platform dedicated to the field of artificial intelligence and machine learning. By harnessing the collaboration of the security research community, it helps identify and report security vulnerabilities in AI/ML open-source projects, libraries, and model file formats, boosting the security of the entire ecosystem.
AI vulnerability bounty platform, machine learning security vulnerabilities, model file vulnerability detection, AI security bug bounty, open-source AI project security, vulnerability report submission platform, AI supply chain security, security researcher community

Features of Huntr

Unified submission portal for vulnerability reports on AI/ML open-source applications, libraries, and model file formats.
A dedicated model-file vulnerability initiative covering security checks for 56 model file formats.
Standardized workflow for submission, verification, rewards, and disclosure.
CVE assignment for validated open-source vulnerabilities, with fixes coordinated with maintainers.
A shared venue where security researchers and open-source maintainers collaborate to enhance AI system security.
Guardian scanning tool integration to strengthen security checks for model file formats.
Access to Discord community and blog resources to support security researchers.

Use Cases of Huntr

Researchers submit responsible vulnerability reports when they discover potential security flaws in AI open-source libraries or frameworks.
Enterprises evaluating the security of their AI model files can reference disclosed vulnerabilities on the platform.
Open-source project maintainers receive community-submitted security reports and perform fixes via the platform.
Organizations building AI supply chain security programs can use the platform to understand known risks in mainstream AI components.
Researchers conducting security audits for specific model file formats can submit findings through the platform's dedicated category.

FAQ about Huntr

Q: What is Huntr?

Huntr is the world's first bug bounty platform focused on artificial intelligence and machine learning, connecting security researchers with AI open-source projects to improve the security of the AI ecosystem through responsible vulnerability disclosure.

Q: What types of vulnerabilities does Huntr cover?

The platform covers two main types of vulnerabilities: model-file vulnerabilities, focusing on machine learning model file formats and their loading processes; and open-source vulnerabilities, addressing security flaws in AI/ML open-source applications and libraries.

Q: How do I submit a vulnerability report on Huntr?

Researchers can submit vulnerability reports via the platform's security form; the platform will then contact the relevant maintainers for validation and manage rewards and disclosure.

Q: What is the bounty amount on Huntr?

Bounties vary by severity and project; public information shows rewards range from $0 to $4,000, with specifics listed in the platform's bounty projects.

Q: How does Huntr handle submitted vulnerabilities?

Upon receipt, the platform will contact maintainers and grant a 31-day response window. For high-severity vulnerabilities with no maintainer reply, the platform may take manual action within 14 days. Valid vulnerabilities, once confirmed, earn researchers a bounty.

Q: Are vulnerability reports on Huntr publicly disclosed?

According to platform rules, open-source vulnerability reports are usually disclosed 90 days after verification and fix, with a potential extension; model-file vulnerability reports are generally not disclosed.

Q: Who can use Huntr?

The platform is targeted at security researchers, AI open-source project maintainers, and organizations and individuals interested in AI/ML supply chain security. Users must log in and agree to the Terms of Service to access core features.

Q: Which model file formats does Huntr support?

The platform's model-file vulnerability initiative covers 56 formats, including safetensors, GGUF, and other common ML model file formats.