Critical Thinking - Bug Bounty Podcast Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2
Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today’s Sponsor - ThreatLocker User Store
https://www.criticalthinkingpodcast.io
/tl-userstore
====== This Week in Bug Bounty ======
Earning a HackerOne 2025 Live Hacking Invite
https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite
HTTP header hacks: basic and advanced exploit techniques explored
https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation
====== Resources ======
https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js
Gemini 2.5 Pro prompt leak
https://x.com/elder_plinius/status/1913734789544214841
Pliny's CL4R1T4S
https://github.com/elder-plinius/CL4R1T4S
O3
https://x.com/pdstat/status/1913701997141803329
====== Timestamps ======
(00:00:00) Introduction
(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak
(00:11:09) Delivery and impactful action
(00:20:44) Mastering Prompt Injection
(00:30:36) Traditional vulns in Tool Calls, and AI Apps
(00:37:32) Exploiting AI specific features