Answer to the legality of bounty hunting?

I’ve been interested in security and vulnerabilities, and do the noob-ish, practicing on vulnerable web servers, but I’m seriously curious as to when you hit the real world, how do you stay away from the opposite end of the law? I’ve seen so many people speak on how the laws against hacking are extremely broad and proof that hacking is very illegal in the US, leading up to tons of jail time. How can you be sure these companies associated won’t lash out against you? - because I’ve been told simple tests can be qualified as attempted unauthorized access

… I didn’t look 5 posts below, that’s embarrassing. I thought it was an uncommon question, my bad.