Porsche Bug Bounty programme returns on 18 August 2025

Porsche is set to launch the third round of its Bug Bounty programme on 18 August 2025, inviting ethical hackers to identify IT vulnerabilities and enhance security.

Porsche is preparing for the third phase of its Bug Bounty programme, aimed at strengthening the protection of the company’s digital systems. On 18 August 2025, cybersecurity researchers from around the world will once again have the opportunity to test the carmaker’s IT infrastructure for vulnerabilities.

The initiative operates under strict rules: specialists working within the framework of ethical hacking search for potential weaknesses and report them, preventing possible exploitation by malicious actors. Verified findings are rewarded financially.

The experience of the first two rounds proved more than successful. Several hundred researchers discovered dozens of vulnerabilities of varying severity — from XSS attacks to server configuration flaws and API issues. These findings helped to enhance the resilience of not only Porsche’s web services and mobile applications but also some automotive IT systems, including remote access functions.

The programme is carried out via specialised platforms such as HackerOne, where participation rules and reward scales are published. Special attention is given to safety when testing systems related to vehicle control, with such checks conducted in controlled conditions.

The third round introduces a significant addition — integrated artificial intelligence. It automates the sorting and prioritisation of reported vulnerabilities, cross-checks them with international CVE databases, and speeds up the review process, directly impacting response times and payouts.

Jörg Möbes, Director of Information Security at Porsche AG, emphasises that in the current climate of growing cyber threats, such initiatives allow potential weaknesses to be identified in time and serve as an important complement to existing protection measures. Based on the experience of previous stages, it is likely that the new round will not only strengthen Porsche’s cybersecurity but also serve as an example for other car manufacturers on how to effectively integrate the global expert community into the security process.