Skip to contentSkip to navigationSkip to topbar
On this page

Reporting Security Vulnerabilities


Ensuring the security and integrity of the Twilio platform is critical to the service we provide to you. We are committed to providing a secure product and appreciate your help in responsibly identifying ways for us to improve Twilio. To that end, Twilio accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers, and consultants.


Vulnerability disclosure program

vulnerability-disclosure page anchor

The Twilio security disclosure program provides two ways to report vulnerabilities in Twilio applications and online services. One way is through the Twilio Vulnerability Disclosure Program. Anyone can report vulnerabilities through this program, even if you don't meet our Twilio Bug Bounty Program requirements. To submit a vulnerability through the Vulnerability Disclosure Program, visit the Twilio Vulnerability Disclosure Program page(link takes you to an external page). Though this program doesn't offer monetary rewards, we appreciate your contributions.


Bug bounty program

bug-bounty page anchor

Since 2015(link takes you to an external page), Twilio has partnered with the global security research community to surface and respond to vulnerabilities through its Bug Bounty program. Twilio offers this Bug Bounty program through the Bugcrowd platform. Participants can earn rewards for reporting vulnerabilities to us through this program. To see the terms of the program and participate, go to Bugcrowd(link takes you to an external page) and sign up as a tester. You'll need to accept the Twilio Terms of Service to engage in testing. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.

The contribution of ethical researchers is greatly appreciated. As of March 17, 2025, here are the top five researchers who helped us improve security at Twilio in 2024 and the associated number of valid submissions.

Finally, to report any SendGrid service-specific abuse, please go to our spam/phishing reporting page(link takes you to an external page). For all inquiries and document requests regarding Twilio security, check out our Twilio(link takes you to an external page) and Twilio Segment(link takes you to an external page) Trust Centers.