How to Hack AI Applications: Real-World Bug Bounty Insights

In this episode, we sit down with Joseph Thacker, a bug bounty hunter and AI security researcher, to uncover the evolving threat landscape of AI-powered applications and agents. Joseph shares battle-tested insights from real-world AI bug bounty programs, breaks down why AI AppSec is different from traditional AppSec, and reveals common vulnerabilities most companies miss, like markdown image exfiltration, XSS from LLM responses, and CSRF in chatbots.

He also discusses the rise of AI-driven pentesting agents ("hack bots"), their current limitations, and how augmented human hackers will likely outperform them, at least for now. If you're wondering whether AI can really secure or attack itself, or how AI is quietly reshaping the bug bounty and AppSec landscape, this episode is a must-listen.

Questions asked:

(00:00) Introduction

(02:14) A bit about Joseph

(03:57) What is AI AppSec?

(05:11) Components of AI AppSec

(08:20) Bug Bounty for AI Systems

(10:48) Common AI security issues

(15:09) How will AI change pentesting?

(20:23) How is the attacker landscape changing?

(22:33) Where would autimation add the most value?

(27:03) Is code being deployed less securely?

(32:56) AI Red Teaming

(39:21) MCP Security

(42:13) Evolution of pentest with AI

Resources shared during the interview:

- How to Hack AI Agents and Applications

- Critical Thinking Bug Bounty Podcast

- The Rise of AI Hackbots

- Shift - Caido Plugin

- Shadow Repeater

- Nuclei

- Haize Labs

- White Circle AI

- Prompt Injection Primer for Engineers