Attention Bugcrowd researchers!

---

We're excited to announce the launch of Q-Chat, our AI tutor built on OpenAI's ChatGPT API in conjunction with Quizlet's educational content library. Q-Chat engages students with adaptive questions based on relevant study materials delivered through a fun chat experience.

We're looking for security researchers to help us test our sensible controls around this new feature. Q-Chat will be available on our set pages and here directly to most researchers in the US with accounts that are 18 or older in English.

Please note that there are rate limits and conversation limits in place, so multiple accounts may be ideal for testing. In addition, accounts currently need to be at least 1 day old to enroll during our beta phase.

If you're interested in testing Q-Chat for us, please dive in! We appreciate your help in making sure that our new feature is secure and reliable for our users.

---

Here are some examples of areas to research:

• Test for input validation: Check if the application validates all user inputs correctly and prevents unauthorized access or injection of malicious scripts.

• Test for authentication and authorization: Verify if the application has proper authentication and authorization mechanisms in place to ensure that only authorized users can access protected content on Quizlet using Q-Chat.

• Test for API security: Ensure that the application properly secures API calls and data transmissions between Q-Chat and our servers to prevent unauthorized access.

• Attempt to bypass our content moderation: Q-Chat should only allow users to study and not switch context or engage in inappropriate conversations. Please attempt to break context or any other clever AI chat injections.

---

Thank you and we look forward to your submissions!