Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways
Critical Thinking - Bug Bounty Podcast15 Touko 2025

Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we’re joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Check out the CTBB Job Board: https://jobs.ctbb.show/

Today’s Guests:

Zak Bennett : https://www.linkedin.com/in/zak-bennett/

Ciarán Cotter: https://x.com/monkehack

Roni Carta: https://x.com/0xLupin

====== Resources ======

We hacked Google’s A.I Gemini and leaked its source code

https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code

====== Timestamps ======

(00:00:00) Introduction

(00:03:02) An RCE via memory corruption

(00:07:45) Zak's role at Google and Google's AI LHE

(00:15:25) Different Components of AI Vulnerabilities

(00:24:58) MHV Winner Debrief

(01:08:47) Technical Takeaways And Team Strategies

(01:28:49) LHE Experience and Google VRP & Abuse VRP

Jaksot(162)

Episode 18: Audit Code, Earn Bounties

Episode 18: Audit Code, Earn Bounties

Episode 18: In this episode of Critical Thinking - Bug Bounty Podcast, we dive into everything source-code related: how to get source-code and what to do with it once you have. This episode is packed ...

11 Touko 20231h 6min

Episode 17: LA Live Chat with Five Legendary Hackers

Episode 17: LA Live Chat with Five Legendary Hackers

Episode 17: In this episode of Critical Thinking - Bug Bounty Podcast we talk with five legendary hackers about some of their favorite bugs. Live. From LA.Corben Leo “Lorben CEO” @hacker_Sam “ZLZ” “ZO...

4 Touko 202347min

Episode 16: The Hacker's Toolkit

Episode 16: The Hacker's Toolkit

Episode 16: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the hacker’s toolkit. Joel and Justin talk about their VPS setup, go-to hacking tools, most often used Linux command...

20 Huhti 20231h 17min

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: The Israeli Million-Dollar Hacker

Episode 15: In this episode of Critical Thinking - Bug Bounty Podcast we talk with the latest Million-Dollar bug bounty hunter: @naglinagli . He talks about his climb from $1,000 in bounties to $1,000...

13 Huhti 20231h 8min

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: Mobile Hacking Dynamic Analysis w/ Frida + Random Hacker Stuff

Episode 14: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Dynamic Analysis within Mobile Hacking and a bunch of random hacker stuff. It's a good time. Enjoy the pod.Follow us...

6 Huhti 20231h 21min

Episode 13: How to Find a Good BBP + Acropalypse + ZDI

Episode 13: How to Find a Good BBP + Acropalypse + ZDI

Episode 13: In this episode of Critical Thinking - Bug Bounty Podcast we talk about how to determine if a bug bounty program is good or not from the policy page. We also cover some news including Acro...

30 Maalis 20231h 16min

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports

Episode 12: JHaddix on Hacker->Hacker CISO, OG Hacking Techniques, and Crazy Reports

Episode 12: In this episode of Critical Thinking - Bug Bounty Podcast we talk with Jason Haddix about his eclectic hacking techniques, Hacker -> Hacker CISO life, and some crazy vulns he found. This e...

23 Maalis 20231h 46min

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: CV$$, Web Cache Deception, and SSTI

Episode 11: In this episode of Critical Thinking - Bug Bounty Podcast we talk about CVSS (the good, the bad, and the ugly), Web Cache Deception (an underrated vuln class) and a sick SSTI Joel and Fish...

16 Maalis 20231h 3min