Bug bounty
The proctoring industry's first public bug bounty.
Aiseptor invites the security research community to probe the ARES enclave — WireGuard VPN, nftables firewall, DNS filtering, and the on-device integrity agents. We pay for real findings, publish every resolved issue to a public CVE log, and treat disclosure as a feature, not a liability.
In scope
- Network escape: Any candidate-side technique that routes traffic to an AI service domain, direct IP, or DoH endpoint during an enrolled exam session. Includes DNS tunneling, SNI spoofing, and VPN side-channels.
- Device-side bypass: Defeating the Windows or macOS agent — process injection, firewall tamper with no telemetry, overlay rendering that evades screen-capture exclusion checks, or local-LLM detection evasion.
- Signal spoofing: Forging HMAC-signed telemetry, impersonating a candidate peer, or crafting admin-API requests that bypass the bearer token flow.
Rewards
Reward tiers scale with exploitability and customer impact. Critical findings (unauthenticated network escape or admin takeover) are our highest payouts. Lower-severity findings — rate-limit bypasses, information leaks, client-side UX flaws — still receive recognition and a CVE entry where applicable.
CVE-log commitment
Every resolved finding is published to our public CVE log with affected versions, fix commit, and credit to the researcher (unless anonymity is requested). We publish within 90 days of resolution — we do not bury findings and we do not gag researchers.
Full program terms, scope addenda, and the current CVE log are being prepared for week 4 of the site build. If you have a finding now, submit it and we will triage directly.