Hackers must now complete identity verification and set up a payment method before completing their tax form. The platform guides them through each step and only unlocks the tax form once all prerequisites are in place.

Added a new Payment Setup page that checks Rules of Engagement, identity verification, and payment method completion status before allowing a hacker to start their tax form, and lets users complete any missing steps on this page. ID verification eligibility has also been updated for tax form purposes to require at least one valid report submission or receipt of an award.

Existing users with a valid tax form and payout method who have not completed ID verification will not be blocked from payment. However, they can go to the Payment Setup page and complete ID verification at any time, and our team may still ask them to complete ID verification when completing their reviews.

This automates the prerequisite requiring ID verification before tax form completion that was implemented last year. Our team was manually chasing missing ID verification and payment information after tax forms were submitted, delaying reviews and hacker payments. Enforcing these requirements upfront removes that friction for both our team and hackers.

Community members are getting set up to receive payments faster, and our team, who review tax form submissions, have all the information they need ahead of their review.

Navigate to Settings > Rewards and Payments > Payment Setup. Complete each prerequisite in order. Once all three are done, the tax form becomes accessible.

Documentation: Docsite - Tax Forms - Docsite - Payment Preferences

Asset Intelligence is now available for CTEM Platform Professional and Enterprise customers! It brings continuous Asset Discovery, Exposure Signal, and Hai-driven Scoping Recommendations into a unified Assets view.

We launched a more actionable Assets experience that helps teams identify external assets, understand externally observable exposure, and review recommended scope changes through Scoping Runs.

Customers need a better way to keep testing programs aligned to their current external attack surface and reduce manual, spreadsheet-driven scoping work.

Security teams running bug bounty, pentest, and CTEM workflows, especially teams responsible for asset coverage, exposure prioritization, and scope governance.

Go to the Assets page, select the assets, choose Add selection to scope, review Hai’s recommendations, then approve, adjust, or decline. Human review is always required before scope changes.