Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways
Critical Thinking - Bug Bounty Podcast15 Touko 2025

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Check out the CTBB Job Board: https://jobs.ctbb.show/

Today’s Guests:

Zak Bennett : https://www.linkedin.com/in/zak-bennett/

Ciarán Cotter: https://x.com/monkehack

Roni Carta: https://x.com/0xLupin

====== Resources ======

We hacked Google’s A.I Gemini and leaked its source code

https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code

====== Timestamps ======

(00:00:00) Introduction

(00:03:02) An RCE via memory corruption

(00:07:45) Zak's role at Google and Google's AI LHE

(00:15:25) Different Components of AI Vulnerabilities

(00:24:58) MHV Winner Debrief

(01:08:47) Technical Takeaways And Team Strategies

(01:28:49) LHE Experience and Google VRP & Abuse VRP

Jaksot(164)

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: Tommy DeVoss: From Black Hat to Bug Bounty LEGEND

Episode 164: In this episode of Critical Thinking - Bug Bounty Podcast Justin sits down with Tommy DeVoss to talk about his origin story, Yahoo bugs, and how Tommy first got Justin into Bug BountyFoll...

5 Maalis 1h 11min

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us o...

26 Helmi 1h 8min

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing ...

19 Helmi 53min

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surroundin...

12 Helmi 24min

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & ...

5 Helmi 45min

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to ...

29 Tammi 1h 46min

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 ...

22 Tammi 58min

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.Follow us on twitte...

15 Tammi 1h 34min