huntr

huntr: The Bug Bounty Platform for AI/ML Security

What is huntr?

Huntr is the world's first bug bounty platform specifically designed for AI and Machine Learning (ML) projects. It serves as a central hub where security researchers can report vulnerabilities in AI/ML open-source applications, libraries, and model file formats, helping to bolster the security and stability of these critical components. By providing a structured and incentivized environment for vulnerability disclosure, huntr plays a vital role in the growing field of AI security.

How does huntr work?

Huntr facilitates a streamlined process for vulnerability reporting and resolution:

1. Disclosure: Security researchers identify and submit vulnerabilities through a secure form on the huntr platform.
2. Validation: The huntr team contacts the maintainer of the affected project and allows them 31 days to respond to the report. If no response is received, huntr manually resolves high and critical reports within 14 days.
3. Reward: If the report is validated by either the maintainer or huntr, the researcher receives a bounty as a reward for their contribution.
4. Publication: For open-source projects, vulnerability reports are made public after 90 days, allowing maintainers time to address the issue. Maintainers can request extensions if needed. Reports concerning Model File Formats are not publicly disclosed.

Why is huntr important?

As AI and ML become increasingly integrated into various aspects of our lives, the need to ensure the security of these systems is paramount. Huntr addresses this need by:

• Incentivizing vulnerability discovery: By offering bounties, huntr encourages security researchers to actively seek out and report vulnerabilities in AI/ML projects.
• Facilitating collaboration: Huntr provides a platform for researchers and maintainers to collaborate on addressing security issues.
• Improving AI/ML security: By identifying and resolving vulnerabilities, huntr contributes to the overall security and stability of AI/ML systems.

Who is huntr for?

Huntr is valuable for a variety of stakeholders:

• Security Researchers: A platform to report vulnerabilities and earn rewards, contributing to the security of AI/ML projects.
• AI/ML Project Maintainers: A way to proactively identify and address security issues in their projects.
• Organizations using AI/ML: Increased confidence in the security of the AI/ML components they rely on.

AI/ML Projects Supported:

Huntr supports over 240 AI/ML programs, including popular projects such as:

• NVIDIA/nvidia-container-toolkit
• apache/spark
• huggingface/text-generation-inference
• intel/neural-compressor
• mongodb/mongo-python-driver
• huggingface/transformers
• pytorch/pytorch
• scikit-learn/scikit-learn
• keras-team/keras
• apache/airflow
• numpy/numpy
• microsoft/LightGBM
• onnx/onnx
• jupyter/jupyter
• mlflow/mlflow
• aws/aws-cli
• nltk/nltk
• kubeflow/kubeflow
• apache/arrow
• apache/tvm
• microsoft/onnxruntime
• deepmind/sonnet
• NVIDIA/TensorRT
• triton-inference-server/server
• huggingface/tokenizers
• Netflix/metaflow
• elastic/elasticsearch-py
• pytorch/serve
• h5py/h5py
• aimhubio/aim
• joblib/joblib
• scikit-optimize/scikit-optimize
• keras-team/keras-tuner
• aws/sagemaker-python-sdk
• run-llama/llama_index
• facebookresearch/faiss
• facebookresearch/fairseq
• deepjavalibrary/djl
• microsoft/autogen
• microsoft/promptbench
• ollama/ollama
• huggingface/smolagents

These projects cover a wide range of AI/ML applications, highlighting huntr's comprehensive approach to AI security.

Key Features

• Bug Bounty Platform for AI/ML projects
• Secure vulnerability disclosure process
• Incentivized reward system for researchers
• Collaboration between researchers and maintainers
• Public vulnerability reports for open-source projects

Huntr is supported by Protect AI and is leading the way to MLSecOps and greater AI security.

Best way to secure your AI/ML projects? Join huntr today and contribute to a more secure AI ecosystem.