Bug Bounty Program

Help us keep MIA AI secure. Report vulnerabilities and earn rewards in $MIA tokens.

Work in Progress

The Bug Bounty program is currently being set up. Reward amounts are TBD (To Be Determined) and will be announced soon. All confirmed vulnerabilities will be retroactively rewarded once the program is finalized.

Severity Levels & Rewards

CRITICAL: $ TBD in $MIA

Vulnerabilities that could lead to complete system compromise or significant data breach.

Examples:

  • Remote code execution (RCE)
  • SQL injection leading to data exfiltration
  • Authentication bypass allowing access to any account
  • Access to admin panel without credentials
  • Unauthorized access to other users' private data or messages
  • API key exposure or theft

HIGH: $ TBD in $MIA

Vulnerabilities that significantly impact security but require specific conditions.

Examples:

  • Stored Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF) on sensitive actions
  • Privilege escalation between user roles
  • Rate limit bypass enabling abuse
  • Session hijacking or fixation
  • Insecure direct object references (IDOR)

MEDIUM: $ TBD in $MIA

Vulnerabilities with limited impact or requiring user interaction.

Examples:

  • Reflected Cross-Site Scripting (XSS)
  • Information disclosure (non-sensitive data)
  • Denial of Service (DoS) attacks
  • Prompt injection affecting other users' conversations
  • Memory injection allowing malicious public memories
  • Clickjacking on sensitive pages

LOW: $ TBD in $MIA

Minor vulnerabilities with minimal security impact.

Examples:

  • Self-XSS (requires victim to paste malicious code)
  • Minor information leaks (software versions, etc.)
  • UI/UX security issues
  • Missing security headers (non-critical)
  • Verbose error messages
  • Username enumeration

Program Rules

In Scope

  • mia.ag web application
  • Authentication and session management
  • Chat and messaging functionality
  • Memory system (public/private)
  • API endpoints
  • Voice integration

Out of Scope

  • Third-party services (xAI, Cloudflare, etc.)
  • Social engineering attacks
  • Physical attacks
  • DoS attacks that disrupt service
  • Automated scanning without permission

Submission Guidelines

  • Provide a clear description of the vulnerability
  • Include step-by-step reproduction steps
  • Document potential impact
  • Include proof of concept (screenshots, videos, code)
  • Do not access or modify other users' data
  • Do not publicly disclose before a fix is deployed

$MIA Token

All bug bounty rewards will be paid in $MIA Token on Solana.

Contract Address

FyPDfX92B4uEk4zZouy96d1Kk1LgnCznBpzAFSsZpump

Submit a Report

Found a vulnerability? Reach out to us on X for now. A dedicated submission portal is coming soon.

Contact @miao_xAI