OpenAI Launches AI Safety Bug Bounty The new programme pays researchers to find AI‑safety flaws, from harmful model behaviour to MCP exploits, with the chance of $7,500 rewards.

OpenAI have introduced a new bug bounty programme focused on AI-specific safety scenarios, with researchers potentially seeing payouts of up to $7,500 for vulnerabilities found in the AI firm’s agentic products.

www.digit.fyi/openai-launc...
#tech #OpenAI #bugbounty

A shoutout to thanks GovTech team for issuing such a cute custom badge to researchers who contributed valid reports to their Bug Bounty Program.

My GovTech Injection badge is expiring soon! It was issued for finding an Injection vulnerability during GBBP.

Shoutout to GovTech Singapore team for the thoughtful custom badge collection for contributors. A small but meaningful gesture. 🦔

#BugBounty #EthicalHacking #CyberSecurity

Article image

🔓 The AI Security Skills Gap: What It Is, Where It Exists, and How to Close It

The AI security skills gap threatens enterprise AI investments. Learn where skills gaps exist across security t…
#EthicalHacking #PenTest #BugBounty
OffSec · https://www.offsec.com/blog/the-ai-security-skills-gap/

Today's final practice challenge involves another oversight some (Ruby) developers make.

Can you seem to spot the broken access control in this code snippet? 🐛

Swipe through to see the vulnerable code! Solution will be revealed tomorrow as usual!

#BugBounty #HackWithIntigriti #BugQuest

i think bug hunting taught me more about debugging than dev ever did. #bugbounty

Swipe through to see the vulnerable code! And as usual, solution will be revealed tomorrow!

#BugBounty #HackWithIntigriti #BugQuest

OpenAI launches a public safety bug bounty program on Bugcrowd to tackle AI-specific abuse and safety risks like prompt injection, data exfiltration, and agentic product abuse. Rewards up to $7,500. #AISafety #BugBounty #OpenAI

Swipe through to see the vulnerable code! And as usual, the solution will be revealed tomorrow!

#BugBounty #HackWithIntigriti #BugQuest

Make OpenAI’s models misbehave and earn a reward - Help Net Security OpenAI’s Safety Bug Bounty program covers agentic risks, data exposure, platform integrity issues, and reporting scope.

Make OpenAI’s models misbehave and earn a reward

📖 Read more: www.helpnetsecurity.com/2026/03/27/o...

#cybersecurity #cybersecuritynews #AI #bugbounty

Swipe through to see the vulnerable code! As usual, solution will be revealed tomorrow!

#BugBounty #HackWithIntigriti #BugQuest

How to become a bug bounty hunter - Negative PID Many people entering the cybersecurity field believe that the only way to demonstrate their skills to a prospective employer is to hack into their systems.

How to become a bug bounty hunter

negativepid.blog/how...

#bugBounty #securityResearch #cybersecurityCareers #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid #offSec

Does anyone know of an open source project that would need some security testing? Best case it's a project for a good cause too (example human or digital rights, privacy, minorities, lhbtq) #oss #pentest #bugbounty #bb #opensource

Pioggia di bug da Mozilla scoperti dalle AI. Tre da score 10 e 14 da 9.8

📌 Link all'articolo : www.redhotcyber.com/post/pio...

#redhotcyber #news #cybersecurity #hacking #malware #ransomware #vulnerabilita #bugbounty #intelligenzaartificiale #sicherheitinformatica

why do all the juicy endpoints have the worst error messages? #bugbounty

🔍 OpenAI te paga por encontrar fallos de seguridad en su IA

https://openai.com/index/safety-bug-bounty

#BugBounty #SeguridadIA #OpenAI #Ciberseguridad

Swipe through to see the vulnerable code! Solution will be revealed tomorrow as usual!

#BugBounty #HackWithIntigriti #BugQuest

Finding bugs is fun.

Writing the report? Not so much.

So I built VulnDraft 🐞
An open-source bug report generator for bug bounty hunters.

Supports HackerOne, Bugcrowd, Intigriti templates + built-in CVSS.

github.com/ruyynn/VulnD...

#BugBounty #Infosec #OpenSource

GitHub - pikpikcu/airecon: AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to ... AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI. It is designed to automate security assess...

AIRecon is an autonomous cybersecurity agent that combines a self-hosted Large Language Model (Ollama) with a Kali Linux Docker sandbox and a Textual TUI.

github.com/pikpikcu/air...

#aiagent #bugbounty

Swipe through to see the vulnerable code! Solution will be revealed tomorrow as usual!

#BugBounty #HackWithIntigriti #BugQuest

Can you spot the broken access control in this code snippet? 🐛

Swipe through to see the vulnerable code! Solution will be revealed tomorrow as usual!

#BugBounty #HackWithIntigriti #BugQuest

Chrome 146 Update Patches High-Severity Vulnerabilities Google released Chrome 146 to patch eight high-severity memory-safety vulnerabilities, including heap buffer overflows, out-of-bounds reads, use-after-free bugs, and an integer overflow. Notable fixes include CVE-2026-4673 and CVE-2026-4677 in WebAudio (the former earned a $7,000 bounty), and users should update to Chrome 146.0.7680.164/165 immediately to reduce exposure to active exploits. #Chrome146...

Google Chrome 146 patches eight high-severity memory-safety flaws including heap buffer overflows, use-after-free, and integer overflow bugs. Notable fixes: CVE-2026-4673 & CVE-2026-4677 in WebAudio. #Chrome146 #BugBounty #USA

IMPORTANT: The AT&T BGW320-500 vulnerability (HackerOne #3546501, CVSS 9.6) is NOT an Arris issue. AT&T owns the firmware. Arris made the hardware. The exploit is AT&T’s code. AT&T owns the patch. #ATT #CyberSecurity #HackerOne #Infosec#ATT #CyberSecurity #HackerOne #BugBounty #Infosec

Swipe through to see the vulnerable code! Solution will be revealed tomorrow!

#BugBounty #HackWithIntigriti #BugQuest

Found my very first SSRF bug bounty tonight hunting plus a path traversal! Yesterday found some more server misconfiguration. Im starting to get much better at bug bounty hunting. After all these years of work. :) #bugbounty

Second-order vulnerabilities occur when one application feature processes your input in a way that affects authorization in another feature.

Swipe through to learn more about second-order attacks!

#BugBounty #HackWithIntigriti #BugQuest

How to become a bug bounty hunter - Negative PID Many businesses participate in bug bounty hunting programs. Indeed, many skilled people have adopted bug bounty hunting as a full-time job. Here's how.

How to become a bug bounty hunter

negativepid.blog/how...

#bugBounty #bugHunter #careers #tech #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid

In some cases, they emerge from logic flaws within multi-step workflows or feature integrations where the application loses track of authorization between steps.

Today, we’re exploring an example of such a case. Swipe through to learn more!

#BugBounty #HackWithIntigriti #BugQuest

Everyone is finding vulns. The hard part is proving them. LLMs are a genuine leap forward for vulnerability discovery. Anthropic reported 500+ zero-days from Opus 4.6 and OpenAI's Codex Security discovered 14 CVEs across projects like OpenSSH and GnuTLS. If you've experimented with LLMs for security testing, you've probably been impressed too. The practical reality for a security team deploying AI is messier than the headlines or early POC results suggest. Noise compounds fast. Anthropic brought in external security researchers to help validate the vo

Originally from ProjectDiscovery: Everyone is finding vulns. The hard part is proving them. ( :-{ı▓ #projectdiscovey #bugbounty #cyberresearch

Swipe through to learn how to exploit JWT vulnerabilities for authorization bypass! We’ve also attached one of our comprehensive web hacking articles as an additional reference. Be sure to give it a read.

#BugBounty #HackWithIntigriti #BugQuest

Every exposed inference endpoint is a training set for attackers.

High-volume, carefully crafted queries let them clone outputs and rehost your model.

Rate-limit, add noise, and watch for scraping signals.

#BugBounty #AIsecurity #ModelStealing