Security & Hall of Fame

At TwentyOne, we take the security of our users very seriously. We deeply appreciate the cybersecurity community that helps us keep the platform bulletproof.

Responsible Disclosure Policy

We highly value the time and talent of researchers. Currently, we do not offer financial compensation (Bug Bounty) for reporting vulnerabilities. However, we grant public and indefinite recognition in this Hall of Fame to those who report valid flaws to us.

Advanced Penetration Testing

Investigation is permitted as long as it does not affect user data or degrade system performance. If you wish to use automated tools, aggressive scanners, or perform tests that could compromise stability, you must request prior approval by sending your action plan to:

info@twentyoneportfolio.com

Recognized Researchers

Sohail Ahmed

Security Researcher

sohailahmed0x001@gmail.com

Independent web application security and Bug Bounty specialist. His analytical work helped proactively fortify our platform's authentication systems.

  • Reported: June 19, 2026
  • Mitigated in version: v2.6.3 (Beta)
  • Resolved findings:
    Session Replay on Logout
    Weak Password Policy

Help us improve TwentyOne and secure your place in our Hall of Fame.

Found a vulnerability?

Security is a collaborative effort. If you have discovered a valid attack vector, contact us immediately so we can protect our community.

Contact Security

Privacy & Cookies Preference

We use anonymous analytics to improve your experience. No financial data is ever shared. Read Policy.