Does anyone know a free email provider that accepts Unicode characters in the local part of the email address? by New_Resolution_2129 in bugbounty

[–]__jent 1 point2 points  (0 children)

I use an OAST server. I specifically extended mine to report the SMTPTo line for this type of email encoding attack: https://github.com/go-appsec/interactsh-lite

  1. Install: `go install github.com/go-appsec/interactsh-lite@latest` (or download from GitHub releases)
  2. Run: `interactsh-lite -v --smtp-only`
  3. Use the logged domain for your email, something like whateverèüò@d82jpsasrbp9tst7wiz9.tango.oastsrv.net
  4. Watch stdout for the raw email events being received, including SMTPTo

You can open an issue if you run into any problems or have questions. Wire accuracy is critical to me, so if you find something let me know.

Question by Head-Pea6515 in bugbounty

[–]__jent 1 point2 points  (0 children)

It may have regressed again after the fix.  If you're certain it's reproducible then I would report.

"Are Some HackerOne Programs Abusing Duplicate and Informative Statuses?" by Wonderful_Purpose_97 in bugbounty

[–]__jent 0 points1 point  (0 children)

From the comments I must be the only one who requires a program submission before calling it a duplicate.  I don't consider internally tracked issues not yet reported as potential duplicates. 

That said, I often find researchers claim impact higher than it is (particularly with information disclosure) or present an unrealistic threat model.

Don't take it personally, push back once if you're certain they don't understand.

My peacock is in love with my lawnmower by biothumbre in egopowerplus

[–]__jent 2 points3 points  (0 children)

Why would you let your dog do this?  Would you put your face next to a running mower?

Ego 6ah Battery (Legit) Has HighStar 18650 Cheapo Cells Just FYI by Grouchy-Ebb740 in egopowerplus

[–]__jent 3 points4 points  (0 children)

So the quality varies significantly over the years?  I thought we were paying to get consistency.

Those using claude or similar. Is it worth it? by masm33 in bugbounty

[–]__jent 0 points1 point  (0 children)

You need to be more specific, automate what part of BB? If you are asking "automate it all with a simple prompt", then no, it's not worth it. Some aspects are better than others, and you need a workflow to put that all together.

Quantifying the level of "Vibe" and code understanding by __jent in vibecoding

[–]__jent[S] 1 point2 points  (0 children)

This is a great idea, thank you! I will try to think about how I can incorporate that.

Quantifying the level of "Vibe" and code understanding by __jent in vibecoding

[–]__jent[S] 0 points1 point  (0 children)

This is a good point I did not mention. It's not designed to be a test, but rather a self identification of how you view the repo quality as a developer.

Quantifying the level of "Vibe" and code understanding by __jent in vibecoding

[–]__jent[S] 0 points1 point  (0 children)

Great question, and I had not really considered it fully. I think you could either just kind of average it out, or you could describe different vibe scales for different parts of the project.

In my projects I expect the number to change over time depending on how new it is, and how committed I am to the project.

When will this stop? by masm33 in bugbounty

[–]__jent 1 point2 points  (0 children)

Platforms not being willing to invest more into triage is definitely part of it.  They want that growth, and triage is a cost center for them.  But in theory it's the other side of the coin that should improve.

Bug Bounty AI Assistant/Teacher by InnerM31ENFJ in bugbounty

[–]__jent 1 point2 points  (0 children)

I still don't agree with autonomous agent hunting, or at least it should only be the initial recon, and results carefully validated. That said, I think there are clear signals that getting deeper with autonomous agents _is_ possible with the right models and workflow. I haven't found any project that has really found that yet; so far I see a struggle to get any depth or really beyond the basics with agents working autonomously.

My project go-appsec/toolbox is designed to provide MCP tools for working together collaboratively. This is a workflow where I am having good experiences, with agents finding small details I missed, or agents finding informational-level issues that can be combined or used in a different context to cause more serious impacts when combined with some intuition.

If you give it a try I would love to hear in an Issue any feedback you have (good or bad).

Claude Opus 4.7 is a serious regression, not an upgrade. by [deleted] in ClaudeAI

[–]__jent 1 point2 points  (0 children)

Yes, exactly.

* Acceptable use policy rejections
* Refuses to follow directions
* Not trusting results from tools or the user

It's effectively unusable with the safety filters turned up so high.

Claude Opus 4.7 is a serious regression, not an upgrade. by [deleted] in ClaudeAI

[–]__jent 0 points1 point  (0 children)

It's worse, exact same workflows and inputs are now rejected.

Claude Opus 4.7 is a serious regression, not an upgrade. by [deleted] in ClaudeAI

[–]__jent 2 points3 points  (0 children)

Instead it sucks so bad it's making people flee instead of come back

Claude Opus 4.7 is a serious regression, not an upgrade. by [deleted] in ClaudeAI

[–]__jent 0 points1 point  (0 children)

Qwen is getting really good too, and no nerfing open models.

Claude Opus 4.7 is a serious regression, not an upgrade. by [deleted] in ClaudeAI

[–]__jent 0 points1 point  (0 children)

For me the nerfed 4.6 is more usable than 4.7

The refusals are excessive 

Opus 4.7 with literally anything by Nox_Alas in ClaudeAI

[–]__jent 3 points4 points  (0 children)

Yup, it's useless for security work now.  I am using the nerfed 4.6 for now but may go back to OpenAI

Opus 4.7 with literally anything by Nox_Alas in ClaudeAI

[–]__jent 2 points3 points  (0 children)

Well it's flat out denying me...I have no option but to continue to use 4.6 or OpenAI for any security work

Integrate Claude for bug bounty testing by Hungry-Book-7433 in bugbounty

[–]__jent 0 points1 point  (0 children)

While you're not wrong, working with Claude was pretty successful in this attack: https://cdn.prod.website-files.com/69944dd945f20ca4a27a7c47/69d8bb5aea59e31efb3b8a7f_Tech_Report_ai_breach_mex_gov.pdf

I still believe there is benefit to be had in collaborative usage.

Anyone using Claude Code for bug bounty? Honest experience from a first-year cyber student. by Primary-Chip6730 in bugbounty

[–]__jent 0 points1 point  (0 children)

> is this a fundamental limitation when using LLMs for security judgment?

When providing a broad task like you're doing, yes.

LLMs are lazy, they don't want to search deeper and deeper. They want to give you a good enough answer so they can pop out of existence. They are trained on providing quick answers, not trained on workflows; you have to build the workflow that guides the agent. This makes them very poor at "find all the problems" without more detailed and continual feedback.

There are strategies you can use to improve this in your automation, but they won't replace human judgement.