Ensuring the security and integrity of the Twilio platform is critical to the service we provide to you. We are committed to providing a secure product and appreciate your help in responsibly identifying ways for us to improve Twilio. To that end, Twilio accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers, and consultants.
The Twilio security disclosure program provides two ways to report vulnerabilities in Twilio applications and online services. One way is through the Twilio Vulnerability Disclosure Program. Anyone can report vulnerabilities through this program, even if you don't meet our Twilio Bug Bounty Program requirements. To submit a vulnerability through the Vulnerability Disclosure Program, visit the Twilio Vulnerability Disclosure Program page. Though this program doesn't offer monetary rewards, we appreciate your contributions.
Since 2015, Twilio has partnered with the global security research community to surface and respond to vulnerabilities through its Bug Bounty program. Twilio offers this Bug Bounty program through the Bugcrowd platform. Participants can earn rewards for reporting vulnerabilities to us through this program. To see the terms of the program and participate, go to Bugcrowd and sign up as a tester. You'll need to accept the Twilio Terms of Service to engage in testing. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.
The contribution of ethical researchers is greatly appreciated. As of March 17, 2025, here are the top five researchers who helped us improve security at Twilio in 2024 and the associated number of valid submissions.
Finally, to report any SendGrid service-specific abuse, please go to our spam/phishing reporting page. For all inquiries and document requests regarding Twilio security, check out our Twilio and Twilio Segment Trust Centers.