The Yandex Bug Bounty

Earn a reward for finding vulnerabilities in Yandex services: a cash prize and a place in the Hall of Fame.
Send report

{ before the start }
Information for researchers

  1. There are multiple Bug Bounty programs, each with its own rules
  2. We recommend thoroughly reviewing rules of the specific program, competition rules , and regulations
  3. If you think you found a bug or vulnerability that might affect our users' confidential data, let us know via the form
{ where you can hunt }
The Bug Bounty programs
Main scope
The main testing scope is infrastructure, web services, desktop apps that work with users' personal information.
Smart devices with Alice
Try to find vulnerabilities in our smart devices and subscription mechanisms.

Testing scope: Voice-controlled devices — Yandex Station and Yandex Module.

Yandex Browser
Bug Bounty is designed to encourage security research on one of our key applications — Yandex Browser.
Mobile applications
The goal is to find critical vulnerabilities in Yandex apps.

Testing scope: all public Yandex apps

Yandex Cloud
Testing scope: all public services of the Yandex Cloud platform
AI/ML Security

Testing scope: all Yandex services that use AI/ML

{ compete with others }
Our contests
finished
Alice, ready or not, here I come!
Learn more
finished
Delivery hunt
Learn more
finished
Traveling with Edadeal
Learn more
finished
Merry XSSMas
Learn more
finished
Yandex Eats
Learn more
finished
Data Protection Season
Learn more
finished
10-years
Learn more
Show more
{ Learn more }
Subscribe to the telegram channel of the Yandex BugBounty
In this channel we publish news, changes to the rules and other benefits for bug hunters
Subscribe
Wed Apr 09 2025 19:35:44 GMT+0300 (Moscow Standard Time)