Hack the Pentagon

In November 2016, the Pentagon and Synack launched
the Defense Department’s first private bug bounty program.

"The efficiency, insights, and visibility that we gained through Synack would not have been possible through another program."
— Government Crowdsourced Security User

The Program

The Hack the Pentagon program is pioneering a crowdsourced approach to securing the government’s digital assets. The DoD engaged Synack to lead this new initiative and provide real security where traditional methods have fallen short. This private, government-grade bug bounty and vulnerability disclosure program discovers and helps remediate critical vulnerabilities in the DoD’s sensitive internal systems before the adversary can attack.

The Target

Agencies use Synack to test their high-value assets that cannot afford to be hacked. Customers trust Synack to provide an adversarial perspective on their systems’ security that will uncover unknown vulnerability risk.

What our customers say:

hack the pentagon critical systems

“If there’s any element when you don’t have trust in that [system] pipeline, that undermines a lot of how the department works.”

US Army

“If this system were hacked, it could send a tank to the White House.”

US Air Force

“This system provides critical information to military and civilian users—it has to be bulletproof.”

Why Synack?

Synack provides “a private community of skilled and trusted researchers, diverse in skillset, and able to conduct both deep binary hacking, web-based attacks, reverse engineering, and network and system exploitation.”
—Department of Defense

#1 in trust

We recruit the top 10% of ethical hackers from around the world

#1 in trust

We deliver 250% more testing activity than a traditional pen test and increased attacker resistance

#1 in value

We offer 53% higher ROI than a traditional pen test, with a >98% signal-to-noise ratio

#1 in market

Synack is the government’s preferred crowdsourced security provider, contributing >78% of federal market share


Synack's private, government-grade bug bounty launched a series of firsts

First time DoD has partnered with a private, vetted crowd of hackers

First time the DoD invited ethical hackers in to test sensitive internal systems

First time the DoD was able to receive security analytics and begin remediating in real time

Our Hack the Pentagon Results Exceed All Expectations:

Expected Impact of Findings:
Actual Impact of Findings:
Critical—Discovered critical unknown vulnerabilities left undetected by traditional solutions
Expected Time to Find a Critical Vulnerability:
1 week
Actual Time to Find a Critical Vulnerability:
4 hours—Enabled rapid action and remediation through triaging and reporting in real time
Expected Deliverable: Vulnerabilities Discovered
Actual Deliverable:
End-to-End Security Solution—Vulnerabilities Discovered, + Detailed Remediation Guidance + Blue Team Training + Force Augmentation + Testing Analytics + Security Score + Increased Attacker Resistance

Read More About the
Hack the Pentagon Program

US Army and Synack teach kids how to hack at DEF CON

Pentagon Hires Hackers to
Target Sensitive Internal Systems
Read the Article >

Join Synack in Louisville this year at DerbyCon 2017!

Why the Pentagon
wants people to hack it
Read the Article >

Vista Points: A View from the Top

Hack the Pentagon: Critical
Systems Results Revealed
Read the Blog >


Learn more about Synack Government
or contact government@synack.com

Interested in Giving Synack a Try?

Synack Logo