Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

/engagements/sunrun-vdp-pro

BugcrowdView on Bugcrowd

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (7)

Asset	Category	Bounty	Quick Links
https://ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://elephant.ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://ipa.ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://servicetransfer.staging.ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://sunrunone.com/dashboard	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.affiliates.ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.valuereport.ai.sunrun.com/	URL	No	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (2)

Asset	Category	Bounty
Third-party SaaS services not owned or managed by Sunrun	OTHER	No
Vendor-hosted platforms outside direct Sunrun control	OTHER	No