Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2
Critical Thinking - Bug Bounty Podcast22 Maj 2025

Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2

Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

====== This Week in Bug Bounty ======

Earning a HackerOne 2025 Live Hacking Invite

https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite

HTTP header hacks: basic and advanced exploit techniques explored

https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation

====== Resources ======

Grep.app

https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js

Gemini 2.5 Pro prompt leak

https://x.com/elder_plinius/status/1913734789544214841

Pliny's CL4R1T4S

https://github.com/elder-plinius/CL4R1T4S

O3

https://x.com/pdstat/status/1913701997141803329

====== Timestamps ======

(00:00:00) Introduction

(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak

(00:11:09) Delivery and impactful action

(00:20:44) Mastering Prompt Injection

(00:30:36) Traditional vulns in Tool Calls, and AI Apps

(00:37:32) Exploiting AI specific features

Avsnitt(171)

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: Best Technical Takeaways from Portswigger Top 10 2025

Episode 163: In this episode of Critical Thinking - Bug Bounty Podcast It’s that time of year again! We’re looking at the Portswigger Research list of top 10 web hacking techniques of 2025.Follow us o...

26 Feb 1h 8min

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: HackerOne Training AI on Bug Bounty Data?

Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing ...

19 Feb 53min

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil

Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gives us some quick hits regarding CSRF and Cross Consumer Attacks, and also touches on some breaking questions surroundin...

12 Feb 24min

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: Cloudflare Zero-days & Mail Unsubscribing for XSS

Episode 160: In this episode of Critical Thinking - Bug Bounty Podcast Joseph and Brandyn. Chat through some news, Including a Cloudflare Zero-day, Turning List-Unsubscribe into an SSRF/XSS Gadget, & ...

5 Feb 45min

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: Avoiding Downgrades on Google Cloud VRP with Cote and Darby Hopkins

Episode 159: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with the Google Cloud VRP Team to deep-dive policy and reward changes, what the panel process looks like, and how to ...

29 Jan 1h 46min

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: 10hr Marathon Hack-Along Recap + $300k Client-side Bugs

Episode 158: In this episode of Critical Thinking - Bug Bounty Podcast we talk about our personal takeaways from the CTBB Charity Hackalong, and then break down some InsertScript POCs, what a $55,000 ...

22 Jan 58min

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: Crushing Pwn2Own & H1 with Kernel Driver Exploits

Episode 157: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Hypr to talk about hacking Mediatek and his experiences with HackerOne and Pwn2Own Ecosystems.Follow us on twitte...

15 Jan 1h 34min

Episode 156: Chill AMA from bugbounty.forum

Episode 156: Chill AMA from bugbounty.forum

Episode 156: In this episode of Critical Thinking - Bug Bounty Podcast we answer some fantastic questions from over at bugbounty.forumFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas an...

8 Jan 1h 23min

Populärt inom Teknik

uppgang-och-fall
elbilsveckan
market-makers
skogsforum-podcast
rss-elektrikerpodden
rss-powerboat-sverige-podcast
bilar-med-sladd
rss-veckans-ai
developers-mer-an-bara-kod
rss-uppgang-och-fall
rss-laddstationen-med-elbilen-i-sverige
rss-technokratin
gubbar-som-tjotar-om-bilar
rss-fabriken-2
bli-saker-podden
hej-bruksbil
har-vi-akt-till-mars-an
natets-morka-sida
teknikveckan
rss-snacka-om-ai