Expanding Our Bug Bounty Program

Palantir, published in Palantir Blog, Apr 3, 2020

We at Palantir are committed to continually investing in the privacy and security of our software products. As part of this commitment to safeguarding our customers and their data, especially during this time of unprecedented urgency, we are announcing an update to the public bug bounty program for Palantir’s infrastructure and software.

Effective immediately, we are expanding our policy to offer rewards of up to $100,000 USD for qualified submissions of specific vulnerabilities. Applicable scenarios for these high-value bounties include the following:

  • Up to $100,000: Unauthenticated remote code execution against underlying Palantir Cloud infrastructure.
  • Up to $75,000: Authentication bypass for Palantir software products (with bypass of multi-factor authentication).
  • Up to $50,000: Authentication bypass for Palantir software products.
  • Up to $25,000: Authorization bypass or privilege escalation within Palantir software products.

Please note that Palantir reserves the right to adjust the bounty depending upon the severity of the vulnerability reported and quality of the report. Full details are available on our responsible disclosure policy.

Security and privacy are foundational pillars of Palantir’s culture and business disposition. We value the input of security professionals acting in good faith to maintain an industry-leading standard of safety for our users, including responsible vulnerability discovery and disclosure. While we continue to feel confident in our security posture broadly, this program will help us stay on top of potential security issues into the future.

To learn about Palantir’s InfoSec team, visit our website.

Author

Dane Stuckey, Palantir Chief Information Security Officer
