LucidBit Labs — Mentorship Program
We believe in skill over years of experience. We get a lot of
queries from up-and-coming researchers, and we acknowledge everyone
has to start somewhere.
Thus, we decided to offer a mentorship program in which participants
target public bug-bounty programs, with the aid of our senior team. We
provide practical guidance and advice - from choosing targets, through
research methodology, and up to submitting findings. Participants can
also build reputation by publishing findings on our site. If
collaboration and results are excellent, we may explore a path to
joining the team.
Key Details
To apply, you need to be over 18 and legally allowed to participate in public bounty programs and receive payouts in your jurisdiction. We have limited capacity, so we aim to select candidates with the highest potential. You should be highly passionate about security research and have some relevant background in either security research or software development.
How It Works
- Apply with a short bio (background, findings, technological stack) and set an intro call.
- Kickoff & plan: we help you choose programs, outline methodology, and set an initial search strategy.
- Research & report: you do the work; we give directional feedback and report review before submission.
- Disclosure & PR: after the program/target permits disclosure, we may publish a case study crediting you.
Submissions & Credit
- Default: you submit via your own HackerOne/Bugcrowd/Intigriti account and list “LucidBit Labs” (and your mentor) as collaborator where the platform allows.
- Exceptions: if a target requires an organization/NDA submission, LucidBit may submit and name you as co-finder, subject to program rules.
- Credit: you are the primary finder. Case studies on our site will clearly credit you (“Found by <Your Name/Handle>, mentored by LucidBit Labs”).
Revenue Share
- Split: 50% Researcher / 50% LucidBit of net bounty
- Net bounty: payout after platform, FX, and transfer fees shown by the platform/bank
- No other payments are made
What You Get
- Access to senior researchers for guidance on target selection, methodology, PoC shaping, and report quality
- Build reputation by publishing findings on our platform
- Opportunity to join the team
- Access to some of our resources (mobile devices, fuzzing hardware, etc.)
Note: Mentorship is best-effort and based on availability; no fixed weekly hour guarantees.
Compliance & Ethics
- Test only within scope and follow each program’s rules and embargoes
- Be ethical and adhere to the law: apart from program rules, do not do anything illegal or unethical.
- Be respectful of rate limits and service availability
IP & Publicity
- Findings are credited to the researcher(s) responsible.
- LucidBit Labs is allowed to use findings for marketing and PR, crediting relevant researchers.
- We never publish before the program allows disclosure
Status & Termination
- You participate as an independent contractor (not an employee), with no fixed hours or exclusivity
- Either party may end participation at any time (a short written notice is enough)
- Revenue shares still apply to submissions already in triage and to bounties paid after termination for work done during the program
How We Assess Success
- Accepted reports and severity/impact
- Clear, reproducible reporting and professional triage communication
- Working well with the team
How to Apply
Email [email protected] with subject “Mentorship Program”. Include a brief bio, relevant links (GitHub/CTFs/reports), and any other info that may be relevant.