diff --git a/docs/adv/security/bug-bounty.md b/docs/adv/security/bug-bounty.md
index accdc2d72e..b2cde976a8 100644
--- a/docs/adv/security/bug-bounty.md
+++ b/docs/adv/security/bug-bounty.md
@@ -24,9 +24,14 @@ Eligible submissions must involve software and services developed by Obol, speci
 
 - Charon the DV Middleware Client
 - Obol DV Launchpad and Public API
+- Obol SDK and APIs
 - Obol Splits Contracts
 - Obol Labs hosted Public Relay Infrastructure
 
+:::note
+Vulnerabilities found in Charon code under the `alpha` subcommand may be down-weighted in severity, as these features are not recommended for production use.
+:::
+
 Submissions related to the following are considered out of scope:
 
 - Social engineering