Amit Kukreja

Palantir Will Pay You To Ethically Hack Their Software

The Best Offense Is Defense

Part of building any good software is making sure that it is difficult to hack into. There are millions of people across the world launching cybersecurity attacks, which is why we have entire public companies dedicated to providing cybersecurity solutions.

Palantir is one of the companies that genuinely cares about user privacy, data, and the relationship data has to ethics and security. As a result, they have officially launched a campaign in collaboration with HackerOne, a company that helps other companies track and manage how easy or hard it may be to hack into their software.

Palantir will be providing monetary incentives to those who find major issues with their software while trying to hack into it.

$250 for low issues, $2000 for medium issues, $5000 for high issues, and $10,000 for critical issues.

Details are below and also on this website:

Palantir provides rewards to vulnerability reporters at its discretion. Our minimum reward is $250 USD.

Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Please note these are general guidelines and Palantir reserves the right to adjust the bounty depending upon the severity of the vulnerability reported and quality of the report.

Any public (Internet-facing) infrastructure owned and operated by Palantir. This is an expansive scope to help you identify security issues in any Internet-facing infrastructure we run.

All domains and subdomains owned and operated by Palantir are included within the scope. These may include, but are not limited to:

  • palantir.com

  • palantir.tech

  • palantir.build

  • palantircloud.com

  • palantircloud.co.uk

  • palantirfoundry.com

  • palantirfoundry.co.uk

  • palantirfoundry.de

  • palantirfoundry.fr

  • palantirfoundry.com.au

  • palantirgov.com

  • foundrygov.com

All assets and services on these, and other Palantir-owned domains (unless otherwise noted as out-of-scope) may be eligible for awards. This may include cloud resources, firewalls, network devices, servers, and other assets or applications.

Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.

  • Public cloud storage accounts. (e.g. AWS S3 buckets, Azure data blobs)

  • Public cloud compute servers. (e.g. AWS EC2 instances, Azure Virtual Machines)

If you know how to hack, it might be worth applying!

Thanks for reading the article. If you'd like to get in contact, please @ me on Twitter or email me at amit@dailypalantir.com.