
Cerebras Responsible Disclosure Policy

Overview

We take the security of our systems, infrastructure, and customer data seriously. We welcome reports from the security community to help us identify and remediate vulnerabilities in a responsible manner.

This program outlines how to report vulnerabilities, what is in scope, and how we work with researchers to resolve issues.

Our Commitment

If you act in good faith and in accordance with this policy, we commit to:

  • Acknowledge receipt of your report within a reasonable timeframe
  • Investigate and validate reported vulnerabilities
  • Take action to address and remediate confirmed issues based on risk and impact
  • Communicate status updates during the remediation process
  • Not pursue legal action against researchers acting in compliance with this policy

In Scope Systems

This program applies to vulnerabilities in:

  • Public-facing applications and services
  • APIs and inference endpoints
  • Authentication and authorization mechanisms
  • Data access controls and isolation boundaries
  • Infrastructure components directly supporting our services

Out of Scope

The following are explicitly out of scope for this program:

Model-Specific Issues

  • Prompt injection or jailbreak attempts
  • Hallucinations or incorrect model outputs
  • Content policy bypasses
  • Model alignment or safety issues
  • Bias, fairness, or ethical concerns

Denial of Service (DoS) Testing

  • Any form of traffic flooding, resource exhaustion, or service degradation attempts
  • Distributed Denial of Service (DDoS) simulation
  • Load testing or stress testing without explicit authorization

These activities can impact availability and are strictly prohibited.

Other Exclusions

  • Social engineering (phishing, vishing, etc.)
  • Physical attacks or attempts
  • Issues requiring access to customer accounts you do not own
  • Vulnerabilities in third-party services not controlled by Cerebras Systems

Testing Guidelines

To ensure the safety and integrity of our systems and users:

You must:

  • Avoid accessing, modifying, or exfiltrating user data
  • Stop testing immediately upon discovering sensitive data exposure
  • Use the minimum level of interaction required to validate a vulnerability

You must not:

  • Disrupt services or degrade performance
  • Attempt privilege escalation beyond proof-of-concept
  • Persist access or establish backdoors

Legal Safe Harbor

We will not pursue legal action against individuals who:

  • Follow this policy in good faith
  • Do not exploit vulnerabilities beyond what is necessary for proof-of-concept
  • Do not violate applicable laws or compromise user privacy

Recognition

We appreciate contributions from the security community. At this time, we do not offer a public bug bounty program, but we may acknowledge researchers who responsibly disclose valid issues.

Reporting a Vulnerability

Please allow us reasonable time to investigate and remediate before public disclosure. We will coordinate with you on disclosure timelines when applicable.

Include the following details:

  • Description of the vulnerability
  • Steps to reproduce (clear and concise)
  • Proof-of-concept (code, screenshots, or logs)
  • Potential impact and affected systems


© 2026 Cerebras.
All rights reserved.