The security of our systems and user data is Anthropic’s top priority. We recognize and appreciate the work of security researchers acting in good faith (as determined by Anthropic in its sole discretion) in identifying and reporting potential vulnerabilities.

If you discover a security vulnerability in an Anthropic system, please promptly report it to disclosure@anthropic.com along with any supporting details (logs, code, proofs of concept) to help us understand, validate, and respond to it quickly. If you have any questions about this policy or whether your research is consistent with this policy, please contact disclosure@anthropic.com before proceeding.

When responsibly submitting your findings to us, you can expect:

  • No legal action from Anthropic as a result of your research or reporting subject to compliance with applicable laws and legal obligations on Anthropic.
  • Prompt investigation and confirmation of vulnerability reports.
  • Resolution of confirmed vulnerabilities in a timely manner.
  • Recognition for significant vulnerability reports, determined on a case-by-case basis.

In turn, you must:

  • Promptly and responsibly report any vulnerability you’ve discovered only to disclosure@anthropic.com. Note that disclosure of issues to Anthropic must be unconditional and may not involve extortion or threats.
  • Avoid public disclosure of any vulnerabilities until authorized by Anthropic in writing.
  • Avoid any data destruction, disruption of Anthropic systems or user experience, violation of the privacy of others, or other illegal or harmful activities.
  • At all times, comply with all applicable laws.