What’s the secret sauce behind consistent bug bounty success? Well, the answer lies in a strategic approach: dissecting a single project, identifying hot spots, leveraging the right tools, and focusing on impactful...
Introduction: Let's talk about an often overlooked attack surface in AI systems: model file formats. Sure, everyone focuses on API security and web vulnerabilities, but there's a whole world of potential bugs...
Your Path to Your First CVE Begins Here. Ready to bag your first CVE with Vulnhuntr? This step-by-step guide will walk you through the entire process—from installing the tool to reporting your...
Introduction: As AI and machine learning models become more embedded in modern infrastructure, everything from your smart fridge to who knows what else, the files running those models are starting to look...
Hacking AI/ML: Account Hijacking and Internal Network Attacks in Kubeflow. Kubeflow Details: Kubeflow, maintained by Google, is one of the most popular end-to-end machine learning workflow tools out today. Similar to AWS’s...
Hacking AI/ML: H2O Exposes Entire Filesystem. What is H2O-3? H2O-3 is a low-code tool that abstracts away most of the details of creating a machine learning model. It is the most popular...
Hacking AI/ML: Advanced API Attacks in ChatGPT. Anomaly Hunting in Applications: As usual, our investigation started with mapping out all the ChatGPT requests in Burp Suite before kicking off the automated scan...
Hacking AI/ML: MXNet Unsafe Pointer Usage. Note from Protect AI (acquired by Palo Alto Networks): Security researcher Sierra Haex, in collaboration with huntr's Threat Research team, discovered an interesting bug in MXNet,...