Details

Akamai CDN

The Akamai Bug Bounty Program currently operates as a soft-launch, invite-only, semi-private program. At this time, we are primarily interested in findings relating to the CDN, the communications between our proxy layer and the origins, and the HTTP protocol layer. The specific scopes are available to invited hackers, and we hope to broaden our coverage and program scope in the future. If you are interested in joining the program, please reach out via email to [email protected]; please include a brief summary of your CDN and HTTP related hacking experience.

If you are a researcher working on e.g., a paper for publication at a conference or in a journal and are looking to explore the impact of your work on Akamai's CDN, we may be able to set up domain name that points to an origin server of your choice for the duration of your research. As this is a manual effort, we need to work with you on the specifics and cannot guarantee a custom configuration. However, we will try our best to find a way to help you with your research. Please reach out to us per email at [email protected] to discuss your needs.

In addition, we are grateful for reports of particularly important findings for assets that are not listed as explicitly within scope. If an out-of-scope finding is deemed to be critical by Akamai, it may be rewarded in line with our commitments for in-scope assets.

Do not attempt to target Akamai customers or their domains (even if served via Akamai), including origins, denial-of-service (DoS), social engineering attacks, phishing attacks, or physical attacks.

Akamai Connected Cloud / Linode

For findings relating to our Akamai Connected Cloud / Linode offering, please use our separate Linode Bug Bounty Program.

Other Findings

To report any and all other security issues to Akamai, please e-mail [email protected]. If you wish to PGP encrypt your message, our PGP public key is available here.