Meta

* All payout amounts are in USD

©2025 Meta.

META BUG BOUNTY

teeCTF

Coming soon

Welcome to teeCTF — a collaborative security challenge focused on uncovering real-world vulnerabilities in Trusted Execution Environments (TEEs).

We invite elite security researchers to push the limits of AMD SEV-SNP and other emerging TEE technologies.

Why teeCTF?

Confidential Computing is becoming the foundation for secure data processing. Technologies like AMD SEV-SNP offer hardware-level protection, but they must be battle-tested.

That’s where teeCTF comes in.

Unlike traditional bug bounty programs or internal audits, teeCTF provides:

  • Hands-on access to real TEE infrastructure (including bare-metal AMD SEV-SNP instances via Meta)
  • Flag-based challenges that prove exploitability
  • Transparent, public submission logs and leaderboards

What Makes teeCTF Unique?

  • Collaborative Disclosure – teeCTF encourages responsible disclosure to vendors like AMD and the Linux kernel team.
  • Open Source CTF Infrastructure – Built on Google’s proven platform, enabling efficient management of flag validation, attestation, and submission tracking.
  • Joint Effort Between Meta and Google – Meta provides access to SEV-SNP test environments. Both companies co-fund vulnerability rewards.

Vulnerability Reporting Process


Exploitation & Flag Retrieval
Exploit a vulnerability in the teeCTF test environment (e.g., AMD SEV-SNP) to obtain the secret flag, proving a meaningful security break.

Flag Submission
Submit the flag through the teeCTF platform. The system automatically validates the flag and prevents duplicates.

Public Log Update
Once validated, the public submission log is updated with key details: flag ID, firmware version, timestamp, exploit hash, status, and (if applicable) a reserved CVE.

Vulnerability Reporting to Vendor
You must report full vulnerability details directly to the affected vendor (e.g., AMD). If the issue affects the guest OS, also report to maintainers like the Linux kernel team.

Vendor Acknowledgement & Fix
The vendor acknowledges receipt, begins remediation, and notifies users once a fix is available.

Claiming a CVE
When the vendor assigns a CVE, return to the teeCTF form to associate your submission with that CVE. This secures your place as the discoverer in the system log.

Disclosure
The vendor and/or participant publicly discloses the vulnerability, typically at the time of CVE publication.

Exploit Code Submission
30 days after disclosure, submit your exploit code as a pull request. If the original discoverer doesn’t submit within 7 days of disclosure, others may contribute working exploits for that CVE.

Reward Payment
Once the code is validated and all steps are complete, a reward notification is issued. Final reward amounts depend on the impact and scope of the vulnerability.