All templates

AI Bug Bounty: Scope, Fairness & Incentive Evaluation

An internal stakeholder survey evaluating scope clarity, decision fairness, and incentive effectiveness in your AI bug bounty program over the past 6 months to guide program improvements.

Sample questions

A preview of what’s in the template. Every question is editable before you launch.

25 questions · ~11 min
Q01
Message

Welcome! This brief survey collects your feedback on fairness, scope clarity, and incentive design in our AI bug bounty program over the past 6 months. Your responses are confidential and will be reported in aggregate only. There are no right or wrong answers—we value your honest perspective. The survey takes approximately 8–10 minutes. Participation is voluntary, and you may stop at any time.

Q02
Multiple Choice

In what ways are you involved with the AI bug bounty program? (Select all that apply.)

  • Program owner/manager
  • Security/AppSec
  • Engineering/Platform
  • AI/ML
  • Legal/Compliance
  • Trust & Safety
  • Procurement/Vendor management
  • Product/UX
  • Executive sponsor
  • Not directly involved but aware of the program
Q03
Opinion Scale

How clear are the program's overall objectives to you today?

Scale: 17
Min:Not at all clearMax:Extremely clear
Q04
Opinion Scale

Thinking about the last 6 months, how fair overall have our bounty decisions been?

Scale: 17
Min:Very unfairMax:Very fair
Q05
Multiple Choice

Which incentives most motivate high-quality submissions? (Select up to 3.)

  • Cash bounties
  • Public recognition/leaderboard
  • Private recognition (internal kudos)
  • Swag/merchandise
  • Invitation-only access or beta programs
  • Faster coordinated disclosure timelines
  • Access to datasets/APIs/sandboxes
  • Higher severity multipliers/bonuses
  • Charity donation option
Q06
Multiple Choice

Which changes would most improve fairness and clarity in the program? (Select up to 3.)

  • Publish clearer severity examples
  • Share payout ranges by severity
  • Standardize triage SLAs
  • Provide a scope decision tree
  • Add public case studies
  • Introduce independent review for disputes
  • Expand test environment access
  • Increase frequency of scope updates
Q07
Opinion Scale

How likely are you to recommend our AI bug bounty program to an external security researcher?

Scale: 010
Min:Not at all likelyMax:Extremely likely
Q08
Dropdown

How long have you worked at this company?

  • Less than 6 months
  • 6–12 months
  • 1–3 years
  • 3–5 years
  • Over 5 years
  • Prefer not to say
Q09
Message

Thank you for completing this survey. Your feedback will directly inform improvements to scope clarity, evaluation fairness, and incentive design in the AI bug bounty program.

Q10
Dropdown

How long have you been involved with or aware of the AI bug bounty program?

  • Less than 3 months
  • 3–6 months
  • 6–12 months
  • 1–2 years
  • Over 2 years
Q11
Opinion Scale

How clear is the definition of which AI/ML assets and models are in scope?

Scale: 17
Min:Not at all clearMax:Extremely clear
Q12
Opinion Scale

How consistent have severity classifications been across similar submissions?

Scale: 17
Min:Very inconsistentMax:Very consistent
Q13
Ranking

Please rank the following success metrics from most to least important for evaluating the program.

  1. Number of valid reports
  2. Reduction in repeat issues
  3. Time to triage
  4. Time to fix
  5. Researcher satisfaction
  6. Severity-weighted impact
  7. Coverage across AI components
Drag to rank
Q14
AI Interview

We'd like to explore your feedback in more depth. An AI moderator will ask you a couple of follow-up questions based on your earlier responses about the bug bounty program.

Q15
Dropdown

Which region do you primarily work in?

  • North America
  • Latin America
  • Europe
  • Middle East
  • Africa
  • South Asia
  • East Asia
  • Southeast Asia
  • Oceania
  • Prefer not to say
Q16
Opinion Scale

How clear is the definition of which vulnerability types and AI-specific attack vectors qualify?

Scale: 17
Min:Not at all clearMax:Extremely clear
Q17
Opinion Scale

How fair have payout amounts been relative to the effort and impact of submissions?

Scale: 17
Min:Very unfairMax:Very fair
Q18
Long Text

Based on your responses in this survey, please share any additional thoughts or suggestions for improving the AI bug bounty program.

Q19
Dropdown

Approximately how many bounty reports have you personally reviewed in the last 6 months?

  • 0
  • 1–5
  • 6–20
  • 21–50
  • 51+
  • Not applicable
Q20
Opinion Scale

How clear are the severity classification criteria and corresponding payout tiers?

Scale: 17
Min:Not at all clearMax:Extremely clear
Q21
Opinion Scale

How timely and communicative has the triage process been?

Scale: 17
Min:Very poorMax:Excellent
Q22
Opinion Scale

How clear are the out-of-scope exclusions and rules of engagement?

Scale: 17
Min:Not at all clearMax:Extremely clear
Q23
Opinion Scale

How fairly have duplicate or disputed reports been handled?

Scale: 17
Min:Very unfairlyMax:Very fairly
Q24
Long Text

If any scope wording feels ambiguous or incomplete, please share specific examples or phrases you would improve.

Q25
Opinion Scale

How adequate are current payout amounts relative to the effort and impact of submissions?

Scale: 17
Min:Far too lowMax:Far too high

What’s included

  • AI follow-ups

    Adaptive probes on open-ended answers that pull out detail a static form would miss.

  • Attention checks

    Built-in safeguards against rushed answers and low-quality respondents.

  • AI-drafted copy

    Wording, ordering, and branching written by the AI — tuned to your research goal.

  • Auto report

    Themes, quotes, and a plain-English summary write themselves once responses come in.

Ready to launch?

Open this template in the editor. Every part is yours to change before the first respondent sees it.

AI Bug Bounty: Scope, Fairness & Incentive Evaluation | QuestionPunk