Bug Bounty Program

Participate in the Borderless Bug Bounty Program

Bounties for verified security vulnerabilities reported by third party ethical security researchers.

Version: 2025-06-17

Terms of the program

Bounty

Borderless will pay bounties for ethically reported vulnerabilities that were previously unidentified by Borderless.

Terms

The submission of reports implies acceptance of the terms of this program.

Payment

Payment will be made through the Borderless AI platform.

person seeing the benefits of the refferal program

Bounties

Rewards by severity of issue (determined by Borderless AI)
All amounts in USD

  • Critical - $600
  • High - $300
  • Medium - $75
  • Low - $25

Requirements

The program requirements include the following:

  1. Research must be done on the Test environment: app.borderless.ninja
    1. Testing on the production site (app.hireborderless.com) will only be allowed if it is testing configuration specific to that environment.
    2. Fake resources (users, contracts, legal entities) should NOT be created in production for the purposes of testing. Researchers may create one real user account, which will be used to pay them (see below), and one legal entity, for themselves.
  2. No proprietary data for other customers must be accessed from the production environment: app.hireborderless.com
  3. No damage must be done to production data.
  4. No causing downtime to the production site is allowed.
  5. No harm to Borderless, its business, its customers, or its partners is allowed.
  6. Reports must not be disclosed to others until Borderless has had 12 months to complete remediation in all systems.
  7. The incident reports must not be used to tarnish Borderless’ public reputation.
  8. All reported bugs must be reproducible on an up-to-date device assuming the customer follows best practices for that device,

Limitations

While Borderless has throttling in place, the limits are intentionally different between the Test and Production environments. It is generally not useful to test throttling in the Test environment without knowing the exact throttle thresholds for that specific environment, which Borderless does not disclose.

Submission and payment process

Please review each step

  1. The issue will be reported by email to security@hireborderless.com.
  2. An ethically reported vulnerability will be verified and assigned a severity by the Borderless Engineering Team.
  3. Borderless will pay the security researcher through the Borderless platform.
    1. The researcher will be invited to app.hireborderless.com.
    2. The researcher will set up their Borderless account, complete KYC, then submit an invoice for the amount corresponding to the vulnerability.
    3. Borderless will pay the invoice through through the Borderless global payments feature.

Disqualifications

Please review each warning

⚠️ Warning

The program is intended exclusively to enable third party researchers to submit critical vulnerabilities, such as missing authentication on endpoints, or similarly critical issues.

Submitters can be disqualified for any violations of the program. Previously submitted reports will not qualify for payment and no further issues will be accepted from that reporter.
Example reasons for disqualification:
  1. Submitting issues for functionality OUTSIDE of app.borderless.com (SMTP / email configurations, reports about other subdomains or marketing pages).
  2. Sending multiple reports for low severity items, such as
    1. Reports about email address validations,
    2. Reports about configuration best practices,
    3. Reports about the application's choice of security token TTLs, session timeouts, session invalidation policies, etc.
Report format

Complete reports are more likely to be accepted

Summary

1-2 line description of the issue

Vulnerability details

- Description of vulnerability
- Detailed steps to reproduce the vulnerability
- Description of impact

Proof of concept

Proof of concept demonstrating the vulnerability, using the test environment.
This should include a screen recording, or a screenshot, showing information disclosure or corruption.

Recommended fix

Additional information

Reporter information

Name:
Email:
Address:

Boerderless ai logo
Talent should be borderless
Product
Hire employeesHire contractorsGlobal payrollBorderless mobile appBorderless EmbeddedVisa & immigrationLog in
Company
About usWhy BorderlessCompare BorderlessPressCareersBook a demoRefer & EarnBug Bounty Program
Resources
BlogCustomer StoriesCountry explorerContact usTrust Center
Legal
DisclaimerTerms of servicePrivacy policyData processing agreementCookie policy
CONTACT
support@hireborderless.com +1 (888) 861-8798
Copyright ©2025 Borderless AI. All Rights Reserved.