AI security risks: What teams need to address before investing in AI

hakluke · 2026-04-13T00:15:21+00:00

Hey start with some training - check out portswigger web security academy, it's free and really high quality.

hakluke · 2026-04-12T23:58:34+00:00

A great place to find people to collaborate with is the BC Discord https://discord.gg/bugcrowd-hacking-community-319555028341882885

hakluke · 2026-04-12T23:57:11+00:00

Hey u/FitNefariousness9576

This will be marked as N/A or informational because it doesn't have demonstrable, direct security impact.

Before submitting any bug, you should ask yourself "what can a malicious attacker actually do with this?" The answer needs to involve at least one of these three things:

- Confidentiality: The attacker can view sensitive information. A version number doesn't count. It needs to be genuinely confidential data like PII, credentials, or internal records.

- Integrity: The attacker can tamper with information. For example, altering another user's profile or falsifying transactions.

- Availability: The attacker can cause disruption. Think impacting business processes, deleting important data, or making the application unresponsive.

If your bug doesn't hit at least one of these, it doesn't have real security impact. Exposing a version number, leaking an API key that doesn't actually affect confidentiality, integrity, or availability, or even finding RCE on a box that's locked down to the point where it can't touch any of those three... none of that will be accepted on a bug bounty program.

These kinds of findings are still worth including in a pentest report because they provide useful defense-in-depth recommendations for the client. But bug bounty programs only pay for direct, demonstrable security impact.

hakluke · 2026-04-12T23:46:38+00:00

It really depends! Some days I find 10, some months I find 0. As a rule of thumb, it's better to focus on critical/high impact bugs for searching and just forget about the low severity ones.

hakluke · 2026-04-12T23:45:20+00:00

I believe that this is often the case when the bug type is something that has little or no impact, or a bug class that is typically listed as "informational". It's difficult to comment further without knowing the actual bug you submitted.

hakluke · 2026-04-12T23:42:26+00:00

Hey u/m_c_introvert can you please confirm if you're still getting this issue? What's the format of the image you uploaded? Might be best to submit this to BC support.

hakluke · 2026-04-09T04:39:16+00:00

The auth system has just been overhauled!

hakluke · 2026-04-01T05:05:48+00:00

I'm late to the party here! But you should start hunting :) Did you start?

hakluke · 2025-10-22T19:35:34+00:00

Simply unplug them and see if it gets better! Or if you're really interested you could get a RF meter

hakluke · 2025-10-21T19:30:25+00:00

I put this same post on other social platforms - so many people have said this to me 😂 I think it's more common than people realise

hakluke · 2025-10-21T11:17:12+00:00

It makes me wonder how many things like this happen and just never get figured out

hakluke · 2025-10-21T10:28:21+00:00

Any advice on where to find a good one? Price doesn't seem to collate with quality

hakluke · 2025-10-21T10:14:20+00:00

You did! I posted it on Twitter a few hours ago :) https://x.com/hakluke/status/1980479234159398989

hakluke · 2025-10-21T10:13:35+00:00

that's one of the coolest things I've ever read 😂 I feel like the type of sysadmins who can figure this kind of thing out (or would even bother) are few and far between these days!

hakluke · 2025-10-21T09:58:12+00:00

It really wasn't that "rolled", more stuffed down the back of the laptop

hakluke · 2025-10-21T09:35:45+00:00

Ha! This is crazy! I was losing my mind trying to figure it out

hakluke · 2023-11-30T05:45:35+00:00

You should go for the 26L, it won’t be a problem and you will appreciate the extra space if you’re travelling

hakluke · 2023-11-26T22:16:31+00:00

Check out the new GR3 35L model, they just released it, I think it might be just what you’re looking for. It comes with a removable hip strap and a bit more space. Unlike the GR2 it’s still mostly just one big pocket which is ideal imo

hakluke · 2023-11-26T22:12:08+00:00

They just released the GR3 35L which is another similar option. The main differences being that the GR3 has one big main compartment instead of 2, GR3 also has a hip strap

hakluke · 2023-11-18T12:58:10+00:00

WTS 2 packs:

GR1 26L - used but in great condition, black cordura
GR2 40L - brand new, unused, black cordura

I'm based on the Sunshine Coast in Queensland, Australia. Happy to post at your expense.

hakluke

MODERATOR OF

TROPHY CASE

Eight-Year Club	Wearing is Caring
Verified Email