Product Security at Cruise

Product security at Cruise focuses on securing our applications, vehicles, infrastructure, and developer solutions. These teams are also responsible for triaging any flaw that might be submitted internally or by external third parties. 

Disclosure at Cruise

In the spirit of our mission to safely connect people with the places, things, and experiences they care about, the Security team at Cruise is committed to addressing any issues identified by the broader security community. If you believe you have discovered a vulnerability in our applications, platforms, or vehicles, please reach out to security@getcruise.com.

You should include the following details in your email: 

  • Vulnerability details, including a potential impact description

  • How the issue was originally identified, and steps we can take to verify it

  • Where relevant, screenshots or a code sample will help us remediate the issue quickly

Cruise does not currently offer payment for disclosed vulnerabilities at this time. 

Any issues identified with privately-owned GM vehicles can be reported here, in accordance with GM guidelines on research and disclosure.