Security Research
Bug Bounty Program
Help us keep Zof AI secure. Report vulnerabilities responsibly and earn rewards.
Reward Levels
Critical
$5,000 - $15,000
RCE, Auth bypass, Data breach
High
$1,000 - $5,000
SQLi, XSS (stored), SSRF
Medium
$250 - $1,000
CSRF, Info disclosure, Privilege escalation
Low
$50 - $250
Open redirect, Clickjacking, Missing headers
In Scope
| Domain | Description | Priority |
|---|---|---|
| app.zof.ai | Main application | High |
| api.zof.ai | API endpoints | High |
| zof.ai | Marketing website | Medium |
| docs.zof.ai | Documentation | Low |
Program Rules
Eligibility
- You must be 18 years or older
- You cannot be a current or former Zof AI employee
- You must not reside in a country under US sanctions
Testing Guidelines
- Only test against your own accounts
- Do not access, modify, or delete other users' data
- Do not perform denial of service attacks
- Report vulnerabilities promptly and keep them confidential
Out of Scope
- Social engineering attacks
- Physical security testing
- Third-party services and applications
- Spam or rate limiting issues
Found a Vulnerability?
Send your report to security@zof.ai with detailed reproduction steps. We will respond within 48 hours.