We run autonomous attackers for a living, so we take this seriously. brink is pre-launch — there's no production service or live security program yet. A formal disclosure and bounty program launches alongside the production product. Until then, if you've found a security issue affecting brink's infrastructure or code, the policy below tells you how to report it.
Email security@usebrink.com. If you'd like to encrypt your report, use our PGP key below.
We will not pursue or support legal action against researchers who report findings in good faith and within this policy. You may not, in the course of a test, intentionally exfiltrate data, degrade availability, or share details publicly until we have remediated and you have received written acknowledgment. Disclosure timeline: 90 days from report or 14 days from remediation, whichever comes first.