Tous les articles

We're putting our security to the test, and we want your help

Quincy Castro, CISO, and Alex Burrage, Director, Product Security

One of the hardest things in security is staying honest about your own posture. Internal teams build familiarity with what they've built. They know where the guardrails are. Over time, that familiarity becomes a blind spot.

The threat environment doesn't have that problem. Not only has AI made attackers faster, but it's also changed who gets to be an attacker. Meanwhile, the exploit window keeps shrinking — 28% of CVEs are now being exploited within 24 hours of disclosure. The supply chain is a primary target: malicious packages on public repositories increased by 75% last year, with attacks like Shai-Hulud compromising over 500 npm packages and exposing secrets across nearly 500 organizations.

Chainguard's job is to be a trusted source of truth in that environment. We ship verified, hardened open source artifacts that customers build on. The moment we stop questioning whether that trust is warranted — whether it holds up under real adversarial pressure — is the moment we become a liability instead of a defense.

So we brought in outside researchers to try to break what we've built.

We're running a bug bounty event with Bugcrowd from July 6–27, with up to $200,000 in bounty for researchers who find real vulnerabilities in Chainguard's infrastructure and products. We're doing it because assuming nothing is broken — without testing that assumption — is exactly the kind of thinking that gets organizations compromised.

AI-enabled adversaries increased attack volume by 89% year over year. The median time between initial access and follow-on exploitation is now 22 seconds. At that pace, self-assessment isn't a security strategy.

If you're a security researcher who wants to test serious infrastructure — and get paid well if you find something — applications are open now.

Share this article

Articles connexes

Vous souhaitez en savoir plus sur Chainguard?

Contactez-nous