Vulnerability Disclosure Program (VDP)
VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.
sunrun-vdp-pro
7
In Scope
2
Out of Scope
In-Scope Assets (7)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| https://ai.sunrun.com/ | URL | No | ||
| https://elephant.ai.sunrun.com/ | URL | No | ||
| https://ipa.ai.sunrun.com/ | URL | No | ||
| https://servicetransfer.staging.ai.sunrun.com/ | URL | No | ||
| https://sunrunone.com/dashboard | URL | No | ||
| https://www.affiliates.ai.sunrun.com/ | URL | No | ||
| https://www.valuereport.ai.sunrun.com/ | URL | No |
Out-of-Scope Assets (2)
| Asset | Category | Bounty | |
|---|---|---|---|
| Third-party SaaS services not owned or managed by Sunrun | OTHER | No | |
| Vendor-hosted platforms outside direct Sunrun control | OTHER | No |
Scope Changes (45)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://sunrunone.com/dashboard | URL | In Scope | 22:32 |
| Added | https://www.valuereport.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://elephant.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://www.affiliates.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://servicetransfer.staging.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://ipa.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | third-party saas services not owned or managed by sunrun | OTHER | Out of Scope | 22:32 |
| Added | vendor-hosted platforms outside direct sunrun control | OTHER | Out of Scope | 22:32 |
| Added | https://ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://www.valuereport.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://elephant.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://www.affiliates.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | https://servicetransfer.staging.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | third-party saas services not owned or managed by sunrun | OTHER | Out of Scope | 22:32 |
| Added | https://sunrunone.com/dashboard | URL | In Scope | 22:32 |
| Added | https://ipa.ai.sunrun.com/ | URL | In Scope | 22:32 |
| Added | vendor-hosted platforms outside direct sunrun control | OTHER | Out of Scope | 22:32 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | https://www.valuereport.ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | https://www.affiliates.ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | https://servicetransfer.staging.ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | third-party saas services not owned or managed by sunrun | OTHER | Out of Scope | 19:15 |
| Added | vendor-hosted platforms outside direct sunrun control | OTHER | Out of Scope | 19:15 |
| Added | https://sunrunone.com/dashboard | URL | In Scope | 19:15 |
| Added | https://elephant.ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | https://ipa.ai.sunrun.com/ | URL | In Scope | 19:15 |
| Added | https://ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://sunrunone.com/dashboard | URL | In Scope | 17:14 |
| Added | https://www.valuereport.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://elephant.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://www.affiliates.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://servicetransfer.staging.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://ipa.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | third-party saas services not owned or managed by sunrun | OTHER | Out of Scope | 17:14 |
| Added | vendor-hosted platforms outside direct sunrun control | OTHER | Out of Scope | 17:14 |
| Added | https://sunrunone.com/dashboard | URL | In Scope | 17:14 |
| Added | https://servicetransfer.staging.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | third-party saas services not owned or managed by sunrun | OTHER | Out of Scope | 17:14 |
| Added | vendor-hosted platforms outside direct sunrun control | OTHER | Out of Scope | 17:14 |
| Added | https://ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://www.valuereport.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://elephant.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://www.affiliates.ai.sunrun.com/ | URL | In Scope | 17:14 |
| Added | https://ipa.ai.sunrun.com/ | URL | In Scope | 17:14 |