Built for security leaders

Automatic classification

• Knows what it's looking at — Vulnerability reports are separated from security questionnaires, compliance requests, abuse reports, and legal notices — each routed into the right workflow automatically.
• Surfaces what matters — For every report, Fort Intelligence generates a summary with suggested severity, vulnerability type, known CVEs, and area of concern — giving your team a head start before they even open the message.
• Routes to the right person — Reports are matched to your defined scopes (e.g. Web, API, Infrastructure) and sent to the designated lead, so the right person is notified immediately.
• Your data stays yours — Your data is never used for model training and is never shared with third parties. Enterprise customers can bring their own AI model for full control.

Always a human in the loop

• AI assists, your team decides — Fort Intelligence can read and analyze on its own, but anything consequential — like sending a response or changing a report's status — requires explicit approval from your team first.
• Easy to correct — If something is misclassified — say, a legal notice tagged as a vulnerability report — any team member can reclassify it in one click. The change is logged in the audit trail automatically.
• Works like a conversation — Fort Intelligence lives inside every report as a chat assistant. Ask it to summarize a thread, draft a response, or pull out key details — all in context.
• Spam and malware filtered — All inbound emails are scanned for spam, viruses, and malware before they ever reach your team.

Identity & authentication

• Single sign-on — Let your team log in with your existing identity provider. Available on Business and Enterprise plans.
• SAML — For organizations that need standards-based federated identity. Available on Enterprise.
• Separate workspaces — Run independent workspaces for different products, brands, or business units — each with their own team, settings, and access controls.

Scopes and roles

• Organize by area of responsibility — Define scopes like Web, API, Infrastructure, or Legal — and assign a lead to each. Reports are automatically routed to the right scope, so the right person handles every message.
• Leads own their domain — Each scope lead receives notifications, reviews outbound correspondence, and is accountable for every report in their area. You always know who's responsible.
• Workspace-level roles — Assign Owner, Admin, or Member roles to control who can manage settings, invite team members, or administer the workspace.

Review and reward

When a researcher submits a valid vulnerability, they can request recognition or a bounty. Your team reviews the claim and decides whether to award a monetary bounty or Hall of Fame credit — with the full history tracked from submission to resolution.

Built-in payments

Researchers set up their payout account once, and approved bounties are transferred automatically — with currency conversion, international payouts, and tax reporting handled for you.

Researcher portal

Researchers get their own portal to track submissions, see report status, manage payouts, and communicate with your team — without ever needing access to your internal workspace.

100% inbound uptime

Inbound email is handled by AWS, distributed across multiple regions with no single point of failure. Messages are accepted 24/7/365 — regardless of what's happening downstream.

Encrypted long-term queueing

If a connectivity issue, DNS disruption, or any other problem prevents immediate delivery, messages are queued in fully encrypted storage for as long as it takes. Nothing is bounced, nothing is lost.

Resilience by design

Every layer of the system is built with redundancy so that transient failures never reach your team. Your vulnerability disclosure process keeps running — even when infrastructure around it doesn't.