At Grammarly, we view security as the most critical feature of our AI-powered writing assistant. We value the trust that our users have in us to keep their information safe, and we want our users to know that any data they share with us while using our products are safe and protected.
We have a committed team of security engineers and experts, but we also know that close collaboration with a talented group of security researchers will lead to a better, more secure product. That’s why today we’re excited to announce the launch of our public bug bounty program with HackerOne. (A bug bounty program, for those unfamiliar with the term, is a program where ethical hackers are invited to report security vulnerabilities to organizations in exchange for monetary rewards for useful submissions.) This is the latest effort in Grammarly’s security strategy, designed to make our product more robust and protect our users against yet-unknown security threats.
In today’s rapidly evolving security threat landscape, it’s essential to be armed with the right toolkit to protect user security and data privacy. After successfully running a private bug bounty program with HackerOne for over a year — currently with nearly 1,500 participants — we’re ready to launch a broader public program to enhance our security posture even further. We firmly believe that this gives us access to the best resources to help mitigate vulnerabilities, ward off attackers, and — ultimately — protect our users.
We know that our more than 15 million daily users deserve to use software that’s as safe and secure as possible. We call upon the security researcher community to join us in our endeavor and invite you all to learn more about our bug bounty program on our HackerOne page.