top of page
1.png

Security and Trust Center

Beehive AI Bug Bounty Program: Help Us Strengthen Our Security and Community

Keeping our customers’ data secure is our top priority, and we encourage responsible reporting of any vulnerabilities that may be found in our systems or applications. 

 

Beehive AI Bounty Program is an opportunity for software security researchers and white-hat hackers to earn rewards for identifying and reporting software vulnerabilities. Bug reports must document enough information, obey all the rules (please see below), and never violate our provisions to be eligible for a reward. Rewards are commensurate with the reported bug's impact and will be determined by Beehive AI on a case-by-case basis.

What you can and can't do:

  • You can’t access or attempt to access anyone else’s data

  • You can’t destroy or corrupt (or attempt to) any data, system, or infrastructure component

  • You can’t perform any attack that could harm the reliability/integrity of our services, such as DDoS or spam attacks

  • If you find a bug, do not disclose, privately or publicly, it to anyone but us. Do not post it anywhere

  • You may only test for vulnerabilities on sites owned and operated by Beehive AI

  • You may not impact any of our users while doing your tests

  • Non-technical attacks (phishing, social engineering, physical attacks, etc.) are prohibited and ineligible for rewards

  • You may not test any website forms, including lead and message forms; such tests are automatically disqualified.

 

If you have any questions, concerns, or doubts, please contact us by submitting the form above.

What we will do:

  • We will respond to your query/report as quickly as possible 

  • We will update you on what we find and what we are going to do about it

  • If we determine that your finding is original, meaningful, and impactful, and if you follow all our rules, we will reward you


 

For further clarify, we’ve listed examples of ineligible bugs. 

 

Examples of ineligible bugs:

  • Bugs that don’t affect the latest version of modern browsers or bugs related to browser extensions

  • Reports that don’t include detailed steps to reproduce the issue or where we cannot reproduce the bug

  • Insecure cookie settings for non-sensitive cookies

  • Bugs relating to the disclosure of public information or information that does not present a significant risk

  • Bugs that have already been submitted by another user or that we are already aware of

  • Bugs in content/services that are not owned/operated by Beehive AI, including our third-party providers, cloud hosting services, and other vendors;unless such bugs allow access to our data

  • Automation attacks or brute forcing of any information, including usernames and passwords

  • Session termination, password reset requests, input validation, and rate limiting on any contact forms. Exposed JS or HTML files.

  • Reports about email spoofing or email flooding via web forms.


 

How to report: 

Discreetly share full details of the suspected vulnerability with us by sending an e-mail to bugbounty@beehive.ai 

Include the following information:

  • Full description of the issue you discovered, including exploitation methodology and estiamted impact

  • Type of issue; for example cross-site scripting, buffer overflow, SQL injection

  • Proof of concept and/or details, like a video of screen recording demonstrating the issue

  • Details about any unique configuration required to reproduce the issue

 

How we reward 

Beehive AI will review your report and confirm that your finding is original, meaningful, impactful, and that you followed all of our rules. A Beehive AI team member will contact you to disclose our decision and arrange for a reward determined by the team.

bottom of page