What very likely happened here is you received good faith security research by email and you forced the researcher to submit through HackerOne or Bugcrowd or whatever, which mandates their compliance with Platform Terms and Disclosure Terms and Codes of Conduct and whatnot.
The SECURITY.md files in your GitHub repos only mention the email address. Can researchers like this one report issues via email and get a response, or not?
May 08, 2026 PromptArmor discloses to OpenAI via email
May 08, 2026 OpenAI sends an automated reply, confirming the intended reporting channel
May 08, 2026 PromptArmor confirms email preference
May 12, 2026 PromptArmor follows up
May 18, 2026 PromptArmor follows up
>"Google investing $40B in Anthropic while also competing against them is the most Silicon Valley thing I've ever seen. These companies will fund their own competition just to make sure they have a seat at the table when it wins. Also $800B valuation for a company that hasn't IPO'd yet?? We are so cooked."
The [THING] has been living rent-free in my head since [YEAR]. Also the fact that [THING]. No [X]. No [Y]. No [Z]. Just: [A]. Absolute [HYPERBOLE] energy.
At least this comment didn't have the double quotes left in ˙ ͜ʟ˙
reply