Our security bug bounty program is now public on HackerOne.
We've run the prog
X · AnthropicAI · 2026-05-07
A security bug bounty program has been launched publicly on HackerOne following a private phase that involved security researchers whose findings strengthened the company's products. The program now allows anyone to report vulnerabilities and receive rewards for their discoveries.
Detailed Analysis
Anthropic has made its security bug bounty program publicly available on HackerOne, opening participation to the broader security research community after a period of private operation. The program, which had previously been restricted to vetted researchers within established security circles, now allows any qualified individual to identify and report vulnerabilities in Anthropic's products and receive financial compensation in return. The transition from a private to a public program represents a meaningful shift in how Anthropic is approaching external collaboration on security matters.
The decision to open the program to the public signals a growing maturity in Anthropic's security posture. Private bug bounty programs are typically used by organizations in earlier stages of security readiness, allowing them to stress-test their systems with a controlled group of trusted researchers before exposing their attack surface to wider scrutiny. The fact that Anthropic is now confident enough to invite public participation suggests the private phase yielded actionable improvements and that the company believes its systems can withstand broader examination. The acknowledgment that prior findings "strengthened our products" also reflects a degree of institutional transparency about the iterative nature of security development.
Bug bounty programs hosted on HackerOne are an industry-standard mechanism for crowdsourcing vulnerability discovery, used by major technology firms including Google, Microsoft, and Meta. By hosting on this platform, Anthropic gains access to HackerOne's established community of ethical hackers and security researchers, along with the platform's triage and disclosure infrastructure. This is particularly significant in the context of AI systems, where vulnerabilities may extend beyond traditional software flaws to include model-level exploits such as prompt injection, data exfiltration through inference, or manipulation of safety mechanisms — categories of risk that are still being defined across the industry.
The move also reflects broader trends in AI safety and trust-building. As AI companies face increasing regulatory attention and public scrutiny, demonstrating proactive, structured approaches to security — including third-party validation — has become an important component of credibility. Anthropic, which has positioned itself as a safety-focused AI lab, benefits from signaling that its commitment to robust systems extends into operational security practices, not just research and policy. Making the bug bounty program public is a practical expression of that commitment, inviting accountability from the external research community in a formalized and compensated framework.