Disclose a Vulnerability

We make every effort to secure our customers’ data and eliminate any potential security vulnerabilities on our platform. However, it is possible that a vulnerability may be introduced inadvertently and may be noticed by a security researcher or a user of our platform.

If this occurs, we ask that the person who discovers the vulnerability exercise responsible disclosure and alert our team to the issue privately so that we can respond appropriately to ensure the security of our platform and the protection of our customer’s data.

If you discover a security vulnerability on our platform, please send an email to [email protected] to disclose the vulnerability. Include the full details of the vulnerability as well as sufficient information so that our Engineering team can get in touch with you if they need additional information.

Does Kinsta have a bug bounty program?

Kinsta does not have a bug bounty program.

Bug bounty programs may lead to the discovery of significant vulnerabilities. However, they do also tend to attract attention from a small subset of security researchers who are more interested in extorting a company for financial gain than in improving the security of the platform they are researching. As a result, it is Kinsta’s policy not to pay for the disclosure of security vulnerabilities.

How are security vulnerability reports handled?

Kinsta’s Engineering team reviews all submitted reports of security vulnerabilities on a daily basis. Each report is evaluated, and our team determines if an actual vulnerability exists.

When an actual vulnerability is discovered, our team will work to resolve the vulnerability as soon as possible.

While our team may reach out to you to gather more information following the submission of a security vulnerability report, we cannot guarantee that we will be able to respond to each submitted report.

AI-assisted vulnerability discovery

Has Kinsta looked at whether AI-assisted vulnerability discovery tools increase the risk to its products or services?

Yes. We keep a close eye on developments in AI-assisted vulnerability discovery as part of our ongoing security and vulnerability management work.

AI tools have increased both the volume of vulnerabilities being found and, in some cases, surfaced new classes of vulnerabilities that might otherwise have taken longer to emerge. But the same shift has happened on our side too. Our engineering and security workflows are faster than they used to be. When something is found, we can assess, prioritize, and deploy a fix across our infrastructure significantly faster than before.

When you factor in both sides, more vulnerabilities being discovered, but faster remediation across the board, the overall risk to Kinsta’s platform and our customers hasn’t changed. We’re finding more, fixing more, and we’re faster too.

How are risks identified, prioritized, fixed, and tracked?

All vulnerabilities, regardless of how they’re found or reported, go through the same process:

  • Identification and validation of the reported issue.
  • Risk-based prioritization based on severity and potential customer impact.
  • Remediation through our standard engineering and security workflows.
  • Tracking through to resolution and verification.

We continue to evaluate new security technologies and threats, including AI-assisted techniques where relevant. Any internal use of AI is governed by Kinsta’s internal AI policies.

We also continue to invest in platform-level protections against automated and malicious traffic, including bot protection capabilities that help reduce exposure to a broad range of automated attacks.

Like any platform, we continuously identify and remediate vulnerabilities as part of our normal security practices. We also use a combination of established and emerging security testing techniques, including limited AI-assisted tooling in engineering, to help identify opportunities for platform hardening.

Our team is set up to respond quickly when issues do come up, both reactively when something is reported and proactively through continuous monitoring and testing. Should a situation ever require customer notification or action, it would be handled through our standard incident response and customer communication processes.

Was this article helpful?

© 2013 - 2026 Kinsta Inc. All rights reserved. Kinsta®, MyKinsta®, DevKinsta®, and Sevalla® are trademarks owned by Kinsta Inc.The WordPress® trademark is the intellectual property of the WordPress Foundation, and the Woo® and WooCommerce® trademarks are the intellectual property of WooCommerce, Inc. Uses of the WordPress®, Woo®, and WooCommerce® names in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation or WooCommerce, Inc. Kinsta is not endorsed or owned by, or affiliated with, the WordPress Foundation or WooCommerce, Inc. Legal information