Episode 123: Hacking AI Series: Vulnus ex Machina - Part 2

Episode 123: In this episode of Critical Thinking - Bug Bounty Podcast we’re back with part 2 of Rez0’s miniseries. Today we talk about mastering Prompt Injection, taxonomy of impact, and both triggering traditional Vulns and exploiting AI-specific features.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

====== Links ======

Follow your hosts Rhynorater and Rez0 on Twitter:

https://x.com/Rhynorater

https://x.com/rez0__

====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

You can also find some hacker swag at https://ctbb.show/merch!

Today’s Sponsor - ThreatLocker User Store

https://www.criticalthinkingpodcast.io

/tl-userstore

====== This Week in Bug Bounty ======

Earning a HackerOne 2025 Live Hacking Invite

https://www.hackerone.com/blog/earning-hackerone-2025-live-hacking-invite

HTTP header hacks: basic and advanced exploit techniques explored

https://www.yeswehack.com/learn-bug-bounty/http-header-exploitation

====== Resources ======

Grep.app

https://vercel.com/blog/migrating-grep-from-create-react-app-to-next-js

Gemini 2.5 Pro prompt leak

https://x.com/elder_plinius/status/1913734789544214841

Pliny's CL4R1T4S

https://github.com/elder-plinius/CL4R1T4S

O3

https://x.com/pdstat/status/1913701997141803329

====== Timestamps ======

(00:00:00) Introduction

(00:05:25) Grep.app, O3, and Gemini 2.5 Pro prompt leak

(00:11:09) Delivery and impactful action

(00:20:44) Mastering Prompt Injection

(00:30:36) Traditional vulns in Tool Calls, and AI Apps

(00:37:32) Exploiting AI specific features