Rules and Bug Reporting
Project 2501 is a controlled AI security training environment. These rules apply to every user, account, lab, event, course, and organization that uses the platform.
Stay inside the platform scope
Only test Project 2501 lab targets, dashboard functions, files, APIs, VPN routes, and other systems you are explicitly allowed to use. Do not scan, attack, or probe third-party systems from the platform.
Use the VPN and lab targets as intended
Lab services are intentionally vulnerable. Access them through your assigned VPN gateway and do not expose, mirror, proxy, or forward them to public networks.
Protect other users
Do not access, disrupt, impersonate, enumerate, or attempt to modify another user's account, VPN profile, lab state, submissions, files, or progress.
No real-world harm
Do not use the training content, payloads, model prompts, code, or techniques to compromise systems, evade security controls, harvest data, or perform unauthorized testing.
Keep secrets and flags private
Do not publish flags, challenge answers, platform secrets, private URLs, credentials, VPN configs, or exploit chains that would spoil labs or put the service at risk.
Report platform issues responsibly
If you find a platform bug or security issue, report it privately to contact_p2501@proton.me and give maintainers time to fix it before sharing details publicly.
Report bugs, access problems, broken labs, and security issues privately to contact_p2501@proton.me.
Keep testing minimal. Do not exfiltrate data, persist access, disrupt service, or test against other users. Stop as soon as you have enough evidence to explain the issue.
Include a private proof of concept, impact summary, and affected route or component. Do not publish details until the maintainers confirm that disclosure is safe.
Read full terms