Navigating AI/ML Bug Bounty Hunting: Lessons from Hunting Pickle Deserialization Vulnerabilities

Introduction You know what’s better than just using AI/ML systems? Breaking them—ethically, of course. Peng Zhou (aka zpbrent), one of our huntrs, did exactly that when he explored a popular AI hub...

Hunting with Vulnhuntr: Getting Your First CVE

Your Path to Your First CVE Begins Here. Ready to bag your first CVE with Vulnhuntr? This step-by-step guide will walk you through the entire process—from installing the tool to reporting your...

GGUF File Format Vulnerabilities: A Guide for Hackers

Introduction As machine learning continues to rise in prominence, so does the need for secure file formats and libraries to store and load model weights. One such format, GGUF, has gained popularity...

A Technical Deep Dive: Backdooring AI Model File Formats

Introduction As AI and machine learning models become more embedded in modern infrastructure, everything from your smart fridge to who knows what else, the files running those models are starting to look...

Spotlight on m0kr4n3: Hacking AI/ML Systems with a CTF Mindset

Introduction At huntr, we’ve got a thing for celebrating the hackers and researchers shaking things up in AI/ML security. So this time, we're throwing the spotlight on Mokrane Abdelmalek (aka m0kr4n3)—a sharp...

Spotlight on acciobugs: Uncovering Improper Access Control Vulnerabilities in lunary-ai/lunary

Introduction At huntr, we love to celebrate the incredible talent in our community who are helping secure the future of AI/ML systems. Today, we’re excited to spotlight Ileana Barrionuevo, known as @acciobugs...

Developing Metasploit Python Modules the Easy Way

Introduction For a while now, the Metasploit Framework has supported modules written in languages other than Ruby (e.g. Python, Golang), which is great if you’re not a Ruby-inclined person such as...

Spotlight on hainguyen0207: Tackling AI/ML Exploits in LOLLMS Through Huntr

Introduction At huntr, we take pride in showcasing the brilliant minds contributing to a safer, AI-powered world. Among our growing community of over 15,000 hackers and security researchers, Nguyen Van Hai (known...

Critical Path Traversal Flaw Leads to Remote Code Execution in parisneo/lollms

Introduction Hello everyone! I am Nhien Pham, aka nhienit. Today, I would like to share about the CVE-2024-5443 vulnerability that I discovered in a product called parisneo/lollms through huntr (a bug bounty...

Spotlight on mnqazi: Critical Findings in ChuanhuChatGPT and AI/ML Security

Introduction At huntr, we love to celebrate the incredible talent working with us to build a safer AI-powered world. Our community of over 15,000 hackers and threat researchers are constantly uncovering and...

How I Discovered a Server-Side Template Injection Vulnerability in berriai/litellm

Introduction Hi, everyone! My name is Mevlüt Akçam, aka mvlttt on huntr, and I'm excited to break down my discovery of a Server-Side Template Injection (SSTI) vulnerability in the /completions endpoint of...

Spotlight on PinkDraconian: From CTFs to huntr – A Hacker's Path

Intro At huntr, we love to celebrate the incredible talent working with us to build a safer AI-powered world. Our community of over 15,000 hackers and threat researchers are constantly uncovering...