
Bug Bounty

Strong out-of-the-box security is one of the main design goals of MonkOS. Like any respectable piece of software, MonkOS is constantly patched and improved to make sure that it cannot be exploited. Our team is happy to work with anyone who discovers a new way to make MonkOS go bzzzzt.

Earn up to $3000 per exploit!

If you have discovered a security vulnerability in MonkOS, let us know!

Eligibility

In order to be eligible for a Bug Bounty reward:

  • Your report must be original, describing a previously undiscovered vulnerability,
  • Your report must contain a working proof of concept demonstrating the vulnerability,
  • The reported vulnerability must not have been disclosed publicly,
  • Do no harm:
    • Do not attack accounts and clusters that do not belong to you,
    • Do not access data that does not belong to you,
  • Your vulnerability report must pertain to one of the following scopes:
    • Any endpoint on monk.io and *.monk.io, or any public system run by MonkOS that you can find,
    • MonkOS authentication and account lifecycle,
    • Remote and local exploitation of monkd,
    • Remote exploitation of MonkOS clusters running on different cloud environments.

Moreover, we reserve the right to reject reports that are purely theoretical, plainly obvious, or reliant on attack vectors outside our control.

Submit Your Report

Contact us via:

We will get back to you with next steps.

Rewards

Our team will review your report and put it into one of three tiers at their discretion. The exact reward amount depends on the vulnerability severity. You can only be rewarded once for a single vulnerability.

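| Tier      | Reward         | Severity                      |
|-----------|----------------|-------------------------------|
| 🥇 gold   | $1500 - $3000  | High, medium-high probability |
| 🥈 silver | $500 - $1500   | Medium, medium-high probability |
| 🥉 bronze | $100 - $500    | Low or low probability        |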

Issues without security impact are most welcome, but they do not qualify for a reward.

The reward amounts may change without notice.

MonkOS Contributor Program rules apply. Read more
