Announcing the Vast.ai Vulnerability Bounty Program

July 24, 2025
2 Min Read
By Team Vast

Today, we’re announcing the launch of our Vast.ai Vulnerability Bounty Program. This is a new initiative we’ve created to help us improve, expand, and innovate our platform while making it more secure. Vast.ai’s mission is to provide the best GPUs for AI compute at accessible and affordable prices for everyone who needs it. With this bounty program, we’re inviting AI developers, researchers, and enthusiasts to collaborate with us. The launch of this program is in direct response to our community’s feedback, and we appreciate all the collaboration happening already.

Responsible Vulnerability Disclosure

We take security seriously and encourage responsible disclosure of any vulnerabilities.

What is the Vast.ai Vulnerability Bounty program?

The program provides a structured way to report bugs, suggest new features, or responsibly uncover vulnerabilities. Whether you’re a security researcher or a community builder, there’s an opportunity for you to do the right thing and be rewarded.

What Is In Scope?

  • Vast.ai web console, REST API & billing flows
  • Provider Daemon code (host agent)
  • Match‑making & pricing engine
  • Default Docker & KVM isolation on reference images
  • GPU memory‑isolation / tenant breakout flaws

What is out of Scope?

  • User workloads & third‑party container images
  • Social‑engineering, physical security, or denial‑of‑service (DoS) tests
  • Brute‑force attacks against customer passwords or MFA
  • Any activity that violates applicable law, exports regulations, or provider Terms of Service

If you discover a security issue, we ask that you:

  • Report it directly to our team at security@vast.ai.

  • Allow us a reasonable time to address the issue before any public disclosure.

In return, we commit to:

  • Acknowledging your report promptly and keeping you informed of progress.

  • Recognizing your efforts with a form of bounty rewards, platform credit, or joining our hall of fame.

How to Get Started?

  1. Join the Vast.ai Discord to connect with our team and community.

  2. Submit your bounty contributions and start hunting.

Please review the policy for the Rules of Engagement and specifics on scope, which will be updated periodically.

Vast AI

© 2025 Vast.ai. All rights reserved.

Vast.ai