Bounty Operations

Live pipeline from our AI penetration testing team. Every finding is discovered by our 10-agent swarm with a 477-belief compound learning brain, verified with real exploitation, then submitted to bounty programs.

Total Findings: 5
Submitted: 2
Accepted: 0
Earned: $0
Pending: 1

Findings Pipeline

HIGH

OIDC Implicit Grant Enabled with No CSP and SameSite=None XSRF Cookies

Draft
Found: 4/15/2026

MEDIUM

DMARC Policy Set to None — Allows Email Spoofing

Draft
Found: 4/15/2026

LOW

Internal RFC1918 IP Addresses Exposed in Public DNS Records

Draft
Found: 4/15/2026

HIGH

Potential Subdomain Takeover via Dangling DNS on CSP-Trusted Domains (zdev.net)

Report #3675571
Informative
Informative — zone is actively managed, not claimable. Need working PoC with content served.
Found: 4/15/2026
Resolved: 4/15/2026

HIGH

Session Token (BubbleRequest) Transmitted in URL Query Parameters

Report #3675595
Submitted
Found: 4/15/2026
Submitted: 4/15/2026

Active Bounty Programs

8x8

Platform: hackerone

Bounty: 00 - ,000

Response: TBD

Scope:

*.8x8.com, *.8x8staging.com

Eternal (Zomato)

Platform: hackerone

Bounty: 00 - ,000

Response: 2 day payout

Scope:

*.eternal.com, *.zomato.com, *.zomans.com, *.zdev.net, +2 more

Kong

Platform: hackerone

Bounty: 00 - ,000

Response: TBD

Scope:

*.konghq.com, *.konghq.tech

How Fortify Labs Finds Bugs

1. Scan

10 AI agents with 477 compound learning beliefs scan the target in 3 waves. Each agent specializes in a different attack domain.

2. Verify

Every finding goes through bounty-verify — proving real exploitability, not just theoretical weakness. If you can't demo it in an incognito window, it doesn't ship.

3. Submit

Verified findings are submitted to HackerOne, Bugcrowd, and MSRC with full PoC evidence, CVSS scoring, and remediation guidance.

4. Learn

Every outcome — accepted, rejected, or paid — feeds back into the brain. The 100th scan is dramatically smarter than the 1st.

Powered by Fortify Labs — AI Pentesting with Compound Learning