Inside CVE-2025-1550: Remote Code Execution via Keras Models

Before Google even filed CVE-2025-1550, one of our Huntr researchers, Mevlüt Akçam (aka...

Spotlight on winters0x64: Leveraging CTF Skills for AI/ML Bug Bounty Success

Introduction: Some people skipped online classes during lockdown to binge Netflix. Arun...

Pkl Rick’d: How Loading a .pkl File Can Lead to RCE

Sometimes the simplest bugs are the most dangerous — especially when they’ve been hiding...

Exposing Keras Lambda Exploits in TensorFlow Models

In this blog, we’re breaking down one of our example Model File Vulnerabilities (MFVs) to...

Don’t Trust Your Model: How a Malicious Pickle Payload in PyTorch Can Execute Code

In this blog, we're breaking down one of our example Model File Vulnerabilities (MFVs) to...

Unlocking Bug Bounty Success: Expert Tips from Dan McInerney

What’s the secret sauce behind consistent bug bounty success? Well, the answer lies in a...

Getting Started with Docker: A Hacker’s Guide

Hey huntrs, Marcello Salvati here, threat researcher at Protect AI. I’m here to give you...

How to Hunt Vulnerabilities in Machine Learning Model File Formats

Introduction: Let's talk about an often overlooked attack surface in AI systems: model...

Navigating AI/ML Bug Bounty Hunting: Lessons from Hunting Pickle Deserialization Vulnerabilities

Introduction: You know what’s better than just using AI/ML systems? Breaking...

Hunting with Vulnhuntr: Getting Your First CVE

Your Path to Your First CVE Begins Here: Ready to bag your first CVE with Vulnhuntr? This...