Security

Background

Carly.ai takes security very seriously, and we thank all of the white hats in our community for their research and assistance. Below you will find our responsible vulnerability disclosure policy, as well as multiple methods to get in contact with us.

How to disclose an issue

The Carly.ai disclosure program is managed through BugCrowd. To see the terms of the program and participate, go to BugCrowd and sign up as a tester. You will need to accept the Carly.ai terms of service to engage in testing. If you have identified a vulnerability, please report it via BugCrowd to be eligible for a reward.

Visit the BugCrowd portal for the Carly.ai bounty program.

Sensitive disclosures

If during the course of your testing you need to disclose an extremely critical vulnerability - remote code execution, private key leak, etc - you may contact us directly via secured email, private phone call, or in-person meeting. Please use these communication mediums judiciously.

  • Email: security@carly.ai (must be encrypted with pgp)
  • Phone: +1 (202) 269-2066
  • Physical: please get in touch to arrange an in-person meeting