Rogo

Rogo

@rogo
Live

Maximum reward

$25,000

Severity

Max. Reward

Critical

$25,000

High

$10,000

Medium

$1,000

Deposit required

$50

Findings submitted

0

Start date

25 Jun 2026

Please sign in as a researcher to join the bounty.

Log in
InstructionsScope

Rogo is an AI platform built for financial professionals, delivering AI-powered research, analysis, and workflow automation. The platform is accessed through a web application at app.rogo.ai and a companion iOS app.

Severity Definitions

The following impact definitions guide severity classification for this program:

  • Critical: Leads to severe loss of user data, permanent system disruption, or widespread compromise.
  • High: Causes notable financial loss or significantly harms user trust, but on a lesser scale than Critical.
  • Medium: Results in limited financial damage or moderate system impact.
  • Low / Informational: Minimal direct risk but may indicate areas for improvement.

In addition to the above definitions, we will also use the Cantina Bug Bounty Severity Classification Framework to determine severity.

Prohibited Actions

  • No Unauthorized Testing on Production Environments: Do not perform testing that could disrupt service, degrade availability, or affect other users' data. Limit testing to your own accounts and the minimum activity needed to demonstrate an issue.
  • No Public Disclosure Without Consent: Do not publicly disclose details of any vulnerability before it has been addressed and you have received written permission to disclose.
  • No Exploitation or Data Exfiltration: Do not exploit the vulnerability beyond the minimum steps necessary to demonstrate the issue. Do not access private data, engage in social engineering, or disrupt service.
  • No Conflict of Interest: Individuals currently or formerly employed by Rogo Technologies, Inc., or who contributed to the development of the affected code, are ineligible to participate.

Eligibility

To be eligible for a reward, you must:

  • Be the first to report a previously unknown, non-public vulnerability within scope.
  • Provide sufficient information to reproduce and fix the issue.
  • Not have exploited the vulnerability in a malicious manner.
  • Not have disclosed the vulnerability to third parties prior to receiving permission.
  • Comply with all Program rules and applicable laws.

You must also be of legal age in your jurisdiction and not reside in a country under sanctions or restrictions, as required by applicable laws.

Disclosure Requirements

Please report vulnerabilities directly through the Cantina platform. Include:

  • A clear description of the vulnerability and its impact.
  • Steps to reproduce the issue (proof of concept preferred).
  • Conditions under which the issue occurs.
  • Potential implications if exploited.

Reports should be made as soon as possible - ideally within 24 hours of discovery.

Other Terms

By submitting a report, you grant Rogo Technologies the rights necessary to investigate, mitigate, and disclose the vulnerability. Reward decisions and eligibility are at the sole discretion of Rogo Technologies. The terms, conditions, and scope of this Program may be revised at any time. Participants are responsible for reviewing the latest version before submitting a report.