Spotlight on Lyutoon: From Black Hat to Bug Bounties
Introduction Some Ph.D. candidates stay up late fine-tuning models. Tong Liu (aka...
Pivoting Archive Slip Bugs into High-Value AI/ML Bounties
Many ML model files— .nemo, .keras, .gguf, even trusty .pth— are just zip/tar archives in...
Inside CVE-2025-1550: Remote Code Execution via Keras Models
Before Google even filed CVE-2025-1550, one of our Huntr researchers, Mevlüt Akçam (aka...
Spotlight on winters0x64: Leveraging CTF Skills for AI/ML Bug Bounty Success
Introduction Some people skipped online classes during lockdown to binge Netflix. Arun...
Pkl Rick’d: How Loading a .pkl File Can Lead to RCE
Sometimes the simplest bugs are the most dangerous — especially when they’ve been hiding...
Exposing Keras Lambda Exploits in TensorFlow Models
In this blog, we’re breaking down one of our example Model File Vulnerabilities (MFVs) to...
Don’t Trust Your Model: How a Malicious Pickle Payload in PyTorch Can Execute Code
In this blog, we're breaking down one of our example Model File Vulnerabilities (MFVs) to...
Unlocking Bug Bounty Success: Expert Tips from Dan McInerney
What’s the secret sauce behind consistent bug bounty success? Well, the answer lies in a...
Getting Started with Docker: A Hacker’s Guide
Hey huntrs, Marcello Salvati here, threat researcher at Protect AI. I’m here to give you...
How to Hunt Vulnerabilities in Machine Learning Model File Formats
Introduction Let's talk about an often overlooked attack surface in AI systems: model...