Anthropic Opens Security Bug Bounty Program to the Public on HackerOne
Original: Anthropic Opens Security Bug Bounty Program to the Public on HackerOne View original →
Public Bug Bounty Program Launched
Anthropic has opened its security bug bounty program to the public via HackerOne. Previously limited to a private group of vetted security researchers, the program is now open to anyone who wants to help identify vulnerabilities in Anthropic products.
Building on Private Program Success
The company ran the program privately within the security research community, and researchers findings directly strengthened Anthropic products. The private phase helped identify a range of vulnerabilities that internal teams might have missed.
How to Participate
Security researchers can now submit vulnerability reports through the Anthropic program page on HackerOne. Rewards range from $100 to $10,000 depending on the severity of the vulnerability found. AI-specific threat categories such as prompt injection, data exfiltration, and model manipulation are of particular interest.
Significance for AI Security
As AI models grow more capable and complex, external security scrutiny becomes increasingly vital. Anthropic opening the program publicly reflects a broader industry trend toward transparency and community-driven security research. Independent researchers can now formally contribute to making Claude safer for everyone.
Related Articles
Security alerts are moving from volume to trust. GitHub says LLM-based contextual verification reduced secret-scanning false positives by 75.76%, beating its 65% target.
Anthropic said Claude Opus 4.6 found 22 Firefox vulnerabilities during a two-week collaboration with Mozilla. Mozilla classified 14 as high severity and shipped fixes in Firefox 148.0.
Anthropic published a Mar 6, 2026 policy for vulnerabilities identified with Claude. The framework sets a 90-day default disclosure window, a 7-day target for actively exploited critical bugs, and human review requirements before reports go out.