Mentorship Bug-bounty track
We are currently at capacity and unable to accept new applications for the mentorship program.

LucidBit Labs — Mentorship Program

We get a lot of queries from up-and-coming researchers. Everyone has to start somewhere.
Therefor we offer a mentorship program in which participants target public bug-bounty programs, with the aid of our senior researcgers. We provide practical guidance and advice - from choosing targets, through research methodology, and up to submitting findings. Findings can be published on our site, with proper credit. If collaboration and results are excellent, we may explore a path to joining the team.

Target Focus

We are most interested in complex systems with high-impact potential. Some examples include mobile applications, operating systems, IoT, crypto systems, common native libraries, and more. Targets should have clearly scoped bounty programs.

How It Works

  1. Apply with a short bio (background, past findings, technological stack) and set an intro call which includes a technical interview.
  2. Kickoff & plan: we help you choose programs, outline methodology, and set an initial search strategy.
  3. Research & report: you do the work; we give directional feedback and report review before submission.
  4. Disclosure & PR: after the program/target permits disclosure, we may publish a case study crediting you.

Key Details

In order to apply, you need to be over 18 and legally allowed to participate in public bounty programs and receive payouts in your jurisdiction. We have limited capacity, so we aim to select candidates with the highest potential. You should be highly passionate about software vulnerabilities and have some relevant knowledge.

Submissions & Credit

  • Default: you submit via your own HackerOne/Bugcrowd/Intigriti account and list “LucidBit Labs” (and your mentor) as collaborator where the platform allows.
  • Exceptions: if a target requires an organization/NDA submission, LucidBit may submit and name you as co-finder, subject to program rules.
  • Credit: you are the primary finder. Case studies on our site will clearly credit you (“Found by <Your Name/Handle>, mentored by LucidBit Labs”).

Revenue Share

  • Split: 60% Researcher / 40% LucidBit of net bounty
  • Net bounty: payout after platform, FX, and transfer fees shown by the platform/bank
  • No other payments are made

What You Get

  • Access to senior researchers for guidance on target selection, methodology, PoC shaping, and report quality
  • Build reputation by publishing findings on our platform
  • Opportunity to join the team
  • Access to some of our hardware & tools resources (when applicable)

Note: Mentorship is best-effort and based on availability; no fixed weekly hour guarantees.

Compliance & Ethics

  • Test only within scope and follow each program’s rules and embargoes
  • Be ethical and adhere to law: apart from program rules, do not do anything illegal or unethical.
  • Be respectful of rate limits and service availability

IP & Publicity

  • Findings are credited to the researcher(s) responsible.
  • LucidBit Labs is allowed to use findings for marketing and PR, crediting relevant researchers.
  • We never publish before the program allows disclosure

Status & Termination

  • You participate as an independent contractor (not an employee), with no fixed hours or exclusivity
  • Either party may end participation at any time (a short written notice is enough)
  • Revenue shares still apply to submissions already in triage and to bounties paid after termination for work done during the program

How We Assess Success

  • Accepted reports and severity/impact
  • Clear, reproducible reporting and professional triage communication
  • Working well with the team

How to Apply

Email [email protected] with subject “Mentorship Program". Include a brief bio, relevant links (GitHub/CTFs/reports), and any other info that may be relevant.