The MLSecOps Podcast

How Red Teamers Are Exposing Flaws in AI Pipelines

Jul 9, 2025
Robbe Van Roey, known as PinkDraconian, serves as the Offensive Security Lead at Toreon and is a renowned bug bounty hunter focused on AI frameworks. He shares his journey from hobby hacking to discovering critical vulnerabilities in AI systems such as BentoML and LangChain. Robbe discusses the dangers of Python pickling for model serialization, exposing risks like remote code execution. He emphasizes the importance of safe alternatives and how red teaming can uncover hidden bugs. His insights also include strategies for improving AI security and the significance of public CVEs in career growth.
ANECDOTE

From CTFs To Real-World Domain Admin

  • Robbe described his start in CTFs and his first real pentest where he became domain admin within hours.
  • That early success hooked him and proved real-world hacking was easier than CTFs.
INSIGHT

Research-First Builds Risk Security Gaps

  • AI libraries move fast and are often built by researchers, not security-focused engineers.
  • That mismatch causes simple, repeatable security mistakes to resurface in new frameworks.
INSIGHT

Pickle Can Execute Code On Load

  • Python pickle serialization enables remote code execution when untrusted models are loaded.
  • Malicious model objects can run code during unpickling via the __reduce__ hook or similar mechanisms.
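As an added illustration, not taken from the episode or from any of the projects named in it, the following Python shows the mechanism the snip describes and one mitigation for it. The "model" below defines __reduce__ so that pickle calls a function while loading; here that function only records that it ran, but any importable callable could be named there. The restricted unpickler then refuses every global it has not been told to allow, so the same bytes fail to load before the hook is reached. The class, function and allowlist names are constructed for this example. Where a deployment can choose its format, a data-only model format that cannot carry callables at all is the stronger fix; the allowlisting loader is for cases where pickle cannot yet be removed.

```python
import io
import pickle

# Records whether a deserialization hook ran. Constructed for this example.
LOAD_EVENTS = []


def on_unpickle_hook():
    """Stand-in for attacker-chosen code: this version only leaves a trace."""
    LOAD_EVENTS.append("hook ran during pickle.load")
    return {"weights": [0.1, 0.2]}


class ModelWithHook:
    """Looks like a model object, but __reduce__ tells pickle to call
    on_unpickle_hook() when the bytes are loaded."""

    def __reduce__(self):
        return (on_unpickle_hook, ())


def build_hooked_pickle() -> bytes:
    """Serialize the hooked object the way a 'model file' would be written."""
    return pickle.dumps(ModelWithHook())


def build_plain_pickle() -> bytes:
    """A benign model file: only containers and numbers, no globals."""
    return pickle.dumps({"weights": [0.1, 0.2], "arch": "mlp"})


def load_unsafe(data: bytes):
    """The common pattern: pickle.loads() on bytes from an untrusted source."""
    LOAD_EVENTS.clear()
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist loader: find_class() is consulted for every global the
    stream references, so anything outside ALLOWED aborts the load."""

    # Example allowlist; a real one lists exactly the types a model needs.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_restricted(data: bytes):
    """Returns (True, obj) on success or (False, reason) when a global is blocked."""
    LOAD_EVENTS.clear()
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as err:
        return False, str(err)


if __name__ == "__main__":
    hooked = build_hooked_pickle()
    print("unsafe load returned:", load_unsafe(hooked), "events:", LOAD_EVENTS)
    print("restricted load of hooked bytes:", load_restricted(hooked))
    print("restricted load of plain bytes:", load_restricted(build_plain_pickle()))
```

The restricted loader blocks the reference to on_unpickle_hook before the REDUCE opcode executes, which is why LOAD_EVENTS stays empty on that path; the plain dictionary never references a global, so it loads unchanged.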