Comment by da_grift_shift

10 hours ago

>We appreciate the security research here

>it’s unfortunate this one slipped through a crack in our disclosure pipeline

>As we’re now aware of this report

This isn't the first time. https://x.com/PhilipTsukerman/status/1988634162773778501 https://x.com/_xpn_/status/1986382527817564437

What very likely happened here is you received good faith security research by email and you forced the researcher to submit through HackerOne or Bugcrowd or whatever, which mandates their compliance with Platform Terms and Disclosure Terms and Codes of Conduct and whatnot.

The SECURITY.md files in your GitHub repos only mention the email address. Can researchers like this one report issues via email and get a response, or not?

    May 08, 2026    PromptArmor discloses to OpenAI via email
    May 08, 2026    OpenAI sends an automated reply, confirming the intended reporting channel
    May 08, 2026    PromptArmor confirms email preference
    May 12, 2026    PromptArmor follows up
    May 18, 2026    PromptArmor follows up

0 comments

da_grift_shift

No comments yet

Contribute on Hacker News ↗