Neuralink Vulnerability Disclosure Program

Welcome to the Neuralink Vulnerability Disclosure Program. This program encourages responsible security research and reporting of security vulnerabilities in our services. We appreciate the help of the security community in identifying and addressing potential threats. By participating in this program, you help us maintain a safer environment for our users.

To report a potential security vulnerability in one of our services, please email vulnerability-disclosure@neuralink.com and provide the following details:

• A clear and concise description of the vulnerability, including proof-of-concept (if applicable);
• When, where, and how the vulnerability was discovered;
• Any additional information you think will be helpful to us, including details on the testing environment and tools used to conduct the testing; and
• Your contact information, including name(s), email address and/or phone number so we can follow up with you

Once a report is submitted, Neuralink will promptly acknowledge receipt of the report, investigate the potential vulnerability, and keep you reasonably informed of the status of any validated vulnerability you report through this program. We may publicly acknowledge your contribution to improve the security of our services, subject to your agreement.

This program is designed to be compatible with common vulnerability disclosure good practice. Researchers shall disclose potential vulnerabilities in accordance with the following guidelines:

• Comply with all laws and regulations when conducting your research.
• Do not engage in any activity that can potentially or actually cause harm to Neuralink, our users, our employees, or any third-party.
• Do not engage in any activity that can potentially or actually stop or degrade Neuralink services or assets.
• Do not download, copy, disclose, corrupt, or prevent access or use any proprietary or confidential Neuralink or third-party data, including user data.
• Do not disclose any discovered vulnerabilities publicly before they are resolved by Neuralink.

If you have any questions or need further clarification regarding this program, please contact us at vulnerability-disclosure@neuralink.com.

Thank you for your participation in the Neuralink Vulnerability Disclosure Program. Together, we can enhance the security of our services and protect our users' data.