Our new PCC bounty categories are aligned with the most critical threats we describe in the Security Guide:

Accidental data disclosure: vulnerabilities leading to unintended data exposure due to configuration flaws or system design issues.
External compromise from user requests: vulnerabilities enabling external actors to exploit user requests to gain unauthorized access to PCC.
Physical or internal access: vulnerabilities where access to internal interfaces enables a compromise of the system.