🎁 Warm Up Your Greenhouse — 5% OFF On Kits — CODE: WINTER5

GEIA.AI Security & Disclosure

Scope

This policy applies to security research related to:

  • GEIA.AI cloud services and dashboards
  • APIs and backend infrastructure
  • IoT greenhouse automation nodes and connected sensors
  • Sensors, controllers, gateways, and firmware
  • Camera systems and live streams
  • Communication protocols and data pipelines
  • IoT greenhouse security

Our Philosophy

GEIA.AI operates real-world, IoT greenhouse systems involving plants, fish, and customer environments. Security testing must therefore prioritize safety, stability, and non-interference over technical completeness.

We welcome responsible research that improves security without risking living systems, user trust, or service availability.

What We Welcome

Examples of valid, helpful reports include:

  • Authentication or authorization bypasses
  • API misconfigurations with real security impact
  • Data exposure risks
  • Firmware update or signing weaknesses
  • Network communication vulnerabilities
  • Privilege escalation paths

Reports should focus on clear security risk, not theoretical or cosmetic issues.

Strictly Prohibited Activities

The following actions are not authorized under any circumstances:

  • Denial-of-Service (DoS or DDoS)
  • Load, stress, or flood testing
  • Destructive testing (digital or physical)
  • Spear phishing, social engineering, or impersonation
  • Accessing or monitoring user cameras, sensors, or environments
  • Modifying, deleting, or exfiltrating data
  • Interfering with irrigation, lighting, feeding, climate, or automation
  • Testing that causes downtime, instability, or loss of service

Any activity that impacts users, infrastructure, crops, animals, or safety is outside the scope of permitted testing.

Safe IoT Testing Guidelines (Important)

To reduce ambiguity, safe testing is defined as:

  • Testing limited to your own accounts, devices, or environments
  • Read-only access wherever possible
  • Proof-of-concept that stops before execution on real systems
  • No automation beyond minimal verification
  • Immediate halt if unexpected behavior occurs

Living Systems Clause

  • Any testing that harms plants or animals is not permitted
  • Extremely limited impact may be acceptable only if:
    • It occurs exclusively on the researcher’s own environment
    • There is no risk of propagation to other users or systems
    • The impact is minimal, contained, and disclosed immediately

GEIA.AI retains sole discretion in determining acceptability.

Low-Value / Non-Security Reports

Please do not report:

  • Missing or non-optimal DNS records unless exploitable
  • Generic scanner findings with no demonstrated risk
  • Informational headers, cosmetic issues, or best-practice suggestions
  • Third-party scan reports without validation
  • The Eggs you found on this page – we will already know about it

Repeated reporting of non-security issues, unsolicited audits, or pressure to purchase services will be ignored.

Reporting Guidelines

When reporting a vulnerability, please include:

  • Clear description of the issue
  • Affected component (API, device, firmware, etc.)
  • Reproduction steps (non-destructive)
  • Security impact explanation
  • Evidence obtained lawfully and safely

📧 Email: security@geia.ai
🔐 PGP: https://geia.ai/pgp-key.txt

Disclosure, Rewards & Communication

  • We do not offer a bug bounty at this time (WEB1 Culture)
  • Reports are reviewed in good faith
  • We aim to acknowledge valid reports within a reasonable timeframe
  • Public disclosure requires coordination and prior consent
  • Verified researchers receive recognition on our public “Hall of Fame” with an Elite Gold Medal status and a custom entry in our intel logs.
  • You Help in improving IoT Greenhouse security and food Security!

Legal Safe Harbor

We will not pursue legal action against individuals who:

  • Act in good faith
  • Follow this policy
  • Avoid prohibited activities
  • Do not access user data or environments
  • Do not cause harm to systems or living organisms

Activities outside this policy are not authorized and may result in legal action.

GEIA.AI Security PGP Key

This PGP key is provided for encrypting sensitive vulnerability reports sent to security@geia.ai

Please use this key when reporting:

  • Authentication or authorization flaws
  • API vulnerabilities
  • IoT device or firmware weaknesses
  • Camera, sensor, or gateway exposure
  • Any report containing credentials, tokens, URLs, or exploit details

Key Owner: security@geia.ai
Verify key on PGP: By email
Usage: Responsible security disclosure only

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: BF8C E161 D08F 0106 FA67  ED48 2E99 732B 3250 8B40

xsFNBGlEfNsBEACcx7VXGx7EVottOslUhODmbR3MG00hFU4cZW6sGuLcdBYrJemm
b3x0kiflA89sc2KhTgdriPigyjC09hudS3eUF5n7nHJLiy3Cq6d8xh+Edl1zwd4l
waxJRNxZPtgeMi/ThLs6XohvOp9HWXn2qm3btVrt0t+HR6Ll5Pe8mwnvmyhEWOPj
ClrA3E9f8/WgWd0cJsVwOPTHGKwQ1jsL3fgMIamLB0Vb7XcjcJ7KXdeBTGei/VYu
fujmrTqmvMj/egfi5BaJk6OLOFB8qTxOeMvoY6tstcFNpFyDSHCZDa3In7Z02QZh
xxicdqeJbv5h8US+JOsH8R+HIEXFHwyQUHBGuamE5AclNndnvnoxHktWm0turoqk
flejOzgsR5rmejLdgrxNvBhz1nhsGpfKz9Osg1KldNK9+ejuBhfRNpoBbug1B64k
lwIQEOYAfbtLH/s33cNGY04jIR73VTzzrlgJshd13mW+gBGaE1uF8Si+8aZJMdYL
X83CiKxopbIVmql04b+q6AMxArbhfksKN0NudzeNInkh2bbN2yHH6HvEfBqPdLUn
zINFLJgkdRUuRc8t6bv1ChwEHjyUcMvVkqLOaESAUCAPUaxy75/3Kp6UfWKRQXpl
Mau4+ABRH6F0Jh4epYEqvSIBUhp34j+zrYZADPY9/7MqO7zuiGOjOkf6bQARAQAB
zsFNBGlEfN4BEADMHUFixjlS3u8p79KhYDaK1G7q6I4+FKzpOsH0Cyq4Re35pSO/
Ysbh6J5ZpbZWG0Srw7oVyEMDm7b3c2jpPFm9dDIdOs4ZRD+vpqtGUxtOiQWRethC
caGGfZtJmsx+24qFMk0s6B/1JXrrENq+4LtqNLkiuJ4W/vdq3jyvGN1F19DlFB//
cKLOTWKIpMlEpGoX44fNvXdKwbLUTTOLTNPyzHhy+hlHcv+QsMFOSQ1Ad6Z4EwFY
EbxnnREs/oMwLP73h027wCEr5ZGK871SZG83w0eJSY3k/eYflEdMRXd8BWNtIftt
27M4+dNw/9EkkxLEjtpLHrDPo1yvMvIbA5U6+OPmhQXuMvDSB14EBdjFw0KyNKZt
rnpJIaUnrFe1+PGJZOGfRfRaYk3ayPmfZM6edqof+ihYpU2H7fbotj123sAIJ5SM
Un1jR+fjb5c/Y21YYihUQASEDSzZXQwU/X1BVNtS/ph89hiwlwV6WhuPtpSTVENG
rMzzJf9NhJzgvoi5PXAo3YUyOpFqd0x4zkO/baMh6WLsmEGNKtiN0ZLQnwD17L1f
eKAwZTyAhaEqUAtBCOokK5af9nQLhFSC/buH/XHgzvXUfY/24pLbxgq2Rs7gnHO2
CXOs9+h/xWPLXo918rVqZ1wgJGMkIPGPHx+7dNpGZXPlsQKyoW1XFmvATwARAQAB
wsF8BBgBCAAmFiEEv4zhYdCPAQb6Z+1ILplzKzJQi0AFAmlEfN8FCRLMAwACGwwA
CgkQLplzKzJQi0DsiQ/+N/9huGNVkfHT6+8ZKV9EyZkM3U4O6nZhkjQPBzX7QorC
+UIH6xW/Sf4q8I3jh+/GOV9V9U3N7nPukNyQ9oc9SmJ2oECxGNg3jME+qhR9/foE
7BIxxWU48qn6qCTyt5lhuO2iiFdHKssycnobSIniMB5n1Ng/r811vElruQzWLIx6
c7JUtE//JquBpgn9NIEgl2eIkPB/mAlyyObyIOfmKVo4JBUzKicA2ehjzCu1yUZo
OcGoqHN0kodsPYJTmHLWwRUQXHPae1it8UlfKEC3UoZHnHNLDLxvDdgLB96NIFL0
Zhf0wYdDxvnGjae7rY+PeHBN2MN/WsXPkD/L1poJMP+ifxQAjR7N8Kp7dFLOSPYO
vT2qJHbGQXFUNGWxxM/q26r3NBf7lqgrvrRyAOtqJD3+R+YHW+wI+NMIqUNPSKDJ
mv4w18ay2mc+XyizQLh+kGGKJC1ZV8I//snZjS+fb60C23N+PhuHo6h2sJKzZbTf
A614VSV1kQB0fVIdru+ht1FxZprmQ/UHLyWFdWi2BcK3cLzI2/CaMtl6dataIfZy
7jztDDC6/iFvmvRbAJd2N6BEthLhwx1hds8DT5vK5kYVOKIyezzzg/bEJKpKQecR
H4SK4K78O40mgKGSp6wIdsnV3+ry5uaTXcBpJZXT6+baRsBX50ssKNwZvZy3oPY=
=wRf5
-----END PGP PUBLIC KEY BLOCK-----

We do not respond to encrypted messages unrelated to security vulnerability disclosure.

p.s: There are 2 eggs on this page
Participation is voluntary and for recognition only. This does not grant permission to test, probe, or disrupt systems.
Happy Hacking 😉
Cyber Security in greenhouses - Tomato Plant
🏆 Hall Of Fame 🏆
RankOperativeOriginIntel
🥈EblisWORLDWIDE
0
0

Start typing and press Enter to search

Shopping Cart

No products in the cart.

en_US
en_US de_DE