Vulnerability Disclosure Program (VDP)

VDPs are meant for responsibly reporting vulnerabilities you encounter — not for actively hunting for fame or reputation. Even if you're just starting out, consider focusing on rewarded bug bounty programs instead.

anthropic-vdp

HackerOneView on HackerOne
RawAI Enhanced
5
In Scope
1
Out of Scope
In-Scope Assets (5)
AssetCategoryBountyQuick Links
API & SDKsAINo-
Claude CodeOTHERNo-
Infrastructure & Internal Apps/ServicesOTHERNo-
Official ClientsOTHERNo-
claude.aiURLNo
crt.shGoogleShodanSecurityTrailsWaybackDNSdumpsterVirusTotalAlienVault OTXGitHubFofa
Out-of-Scope Assets (1)
AssetCategoryBounty
https://github.com/modelcontextprotocolCODENo
Scope Changes (22)
Feb 25, 2026
ChangeAssetCategoryScopeTime
Addedinfrastructure & internal apps/servicesOTHERIn Scope19:19
Addedofficial clientsIOSIn Scope19:19
Addedofficial clientsIOSIn Scope19:19
Addedofficial clientsIOSIn Scope19:19
Addedclaude codeCODEIn Scope19:19
Addedhttps://github.com/modelcontextprotocolURLOut of Scope19:19
Addedapi & sdksAIIn Scope19:19
Addedclaude.aiURLIn Scope19:19
Feb 22, 2026
ChangeAssetCategoryScopeTime
Addedclaude codeOTHERIn Scope00:48
Addedhttps://github.com/modelcontextprotocolCODEOut of Scope00:48
Addedapi & sdksAIIn Scope00:48
Addedclaude.aiURLIn Scope00:48
Addedinfrastructure & internal apps/servicesOTHERIn Scope00:48
Addedofficial clientsIOSIn Scope00:48
Addedofficial clientsIOSIn Scope00:48
Addedofficial clientsIOSIn Scope00:48
Feb 21, 2026
ChangeAssetCategoryScopeTime
Addedapi & sdksAIIn Scope19:12
Addedclaude.aiURLIn Scope19:12
Addedinfrastructure & internal apps/servicesOTHERIn Scope19:12
Addedofficial clientsOTHERIn Scope19:12
Addedclaude codeOTHERIn Scope19:12
Addedhttps://github.com/modelcontextprotocolCODEOut of Scope19:12