Product security at Cruise focuses on securing our applications, vehicles, infrastructure, and developer solutions. These teams are also responsible for triaging any flaw that might be submitted internally or by external third parties.
In the spirit of our mission to safely connect people with the places, things, and experiences they care about, the Security team at Cruise is committed to addressing any issues identified by the broader security community. If you believe you have discovered a vulnerability in our applications, platforms, or vehicles, please reach out to firstname.lastname@example.org.
You should include the following details in your email:
Vulnerability details, including a potential impact description
How the issue was originally identified, and steps we can take to verify it
Where relevant, screenshots or a code sample will help us remediate the issue quickly
Cruise does not currently offer payment for disclosed vulnerabilities at this time.
Any issues identified with privately-owned GM vehicles can be reported here, in accordance with GM guidelines on research and disclosure.