Episode 162: HackerOne Training AI on Bug Bounty Data?
Critical Thinking - Bug Bounty Podcast19 Helmi

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26

https://ztw.com/


Today’s Guest: https://x.com/senorarroz


====== This Week in Bug Bounty ======


XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilities

https://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CT


Bug Bounty Maturity Framework

https://bugbountymaturity.com/


====== Resources ======

Confidential Information and Confidentiality Obligations

https://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20parties


Ownership and Licenses

https://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20Licenses


I argued with an AI regarding HackerOne using Hacker reports to train PtaaS

https://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71


HackerOne PTaaS (likely training their AI on private reports data)

https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/


What Makes Agentic PTaaS Different in Real Environments

https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints


====== Timestamps ======

(00:00:00) Introduction

(00:08:44) HackerOne AI Terms of Service

(00:24:56) Agentic PTaaS

(00:38:09) Selling data

(00:43:49) Decrease in Bounties

Jaksot(162)

Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet

Episode 50: ­Mathias 'Fall in a well' Karlsson - Bug Bounty Prophet

Episode 50: In this episode of Critical Thinking - Bug Bounty Podcast, Justin catches up with hacking master Mathias Karlsson, and talks about burnout, collaboration, and the importance of specializat...

21 Joulu 20232h 24min

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: Getting Live Hacking Event Invites & Bug Bounty Collab with Nagli

Episode 49: In this episode of Critical Thinking - Bug Bounty Podcast, Justin Gardner is once again joined by Nagli to discuss some of their recent hacking discoveries. They talk about finding and exp...

14 Joulu 202351min

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: MVH, DEFCON Black Badge, Googler - Sam Erb

Episode 48: In this episode, joined by the spectacular Sam Erb, Google Security Engineer and DEFCON Black Badge winner. We talk about the importance of understanding how systems work to find vulnerabi...

7 Joulu 20231h 36min

Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans

Episode 47: CSP Research, Iframe Hopping, and Client-side Shenanigans

Episode 47: In this episode of Critical Thinking - Bug Bounty Podcast, the holidays are fast approaching, and Justin and Joel discuss some of the struggles of getting back into the hacking groove duri...

30 Marras 20231h 31min

Episode 46: The SAML Ramble

Episode 46: The SAML Ramble

Episode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be inti...

23 Marras 202343min

Episode 45: The OG Bug Bounty King - Frans Rosen

Episode 45: The OG Bug Bounty King - Frans Rosen

Episode 45: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to welcome Frans Rosén, an OG bug bounty hunter and co-founder of Detectify. We kick off with Frans sharing his jo...

16 Marras 20232h 36min

Episode 44: URL Parsing & Auth Bypass Magic

Episode 44: URL Parsing & Auth Bypass Magic

Episode 44: In this episode of Critical Thinking - Bug Bounty Podcast, the topic is URL structure, and Justin and Joel break down the elements that make up a URL and some common tips and tricks surrou...

9 Marras 20231h 11min

Episode 43: Caido - The Up-And-Coming HTTP Proxy

Episode 43: Caido - The Up-And-Coming HTTP Proxy

Episode 43: In this episode of Critical Thinking - Bug Bounty Podcast, we're joined by Emile from Caido, who shares his journey into the bug bounty and ethical hacking world. We kick off with a hilari...

2 Marras 20231h