Security

Updated September 4, 2024

Groq is committed to securing and protecting our customers and their data. We take measures to proactively safeguard against security risks using industry standard practices. We are committed to addressing security issues in a timely and responsible manner.

Reporting Vulnerabilities

We encourage collaboration with the external security researcher community to help us identify and responsibly report security vulnerabilities in Groq products and systems. Groq, in its discretion, may credit or reward security researchers who find verifiable and unique vulnerabilities.

Groq would appreciate the ability to investigate and verify a potential vulnerability, so we ask that you privately report a vulnerability before releasing it to the public. If you would like to report a suspected vulnerability or to find out more about our vulnerability management practices, please email [email protected].

Guidelines for Researchers

We request security researchers to adhere to the following guidelines:

  • You are at least 18 years of age, or have a parent’s or legal guardian’s permission prior to reporting.
  • You are not a resident of a United States Government embargoed country or on a list of sanctioned individuals.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
  • Do not modify or access data that does not belong to you.
  • Provide details of an original and previously unreported vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
  • Provide Groq reasonable time to correct the issue before making any information public.

Third-Party Products

If any reported issue affects a third-party library, external project, or another vendor, Groq reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.

All submissions will be governed by Groq’s Terms of Use.

Out of Scope Vulnerabilities

Core Ineligible Findings: https://docs.hackerone.com/en/articles/8494488-core-ineligible-findings

Issues related to the content of model prompts and responses are out of scope

Examples of safety issues which are out of scope

  • Jailbreaks/Safety Bypasses (e.g. DAN and related prompts)
  • Getting the model to say bad things to you
  • Getting the model to tell you how to do bad things
  • Getting the model to write malicious code for you

Model Hallucinations are also out of scope

  • Getting the model to pretend to do bad things
  • Getting the model to pretend to give you answers to secrets
  • Getting the model to pretend to be a computer and execute code