Spotlight on taiphung217: Five-Month Climb to Huntr Leaderboard Glory

Introduction
Some researchers dip their toes into AI/ML security. Phung Van Tai (aka @taiphung217) cannonballed in. Valedictorian of Vietnam’s Academy of Cryptography Techniques and now an AppSec engineer at OneMount Group, Tai rocketed from newcomer to quarterly #1 on the huntr leaderboard in just five months. Impressive, right? Dive into his journey below to see the full story.
Tell us a bit about yourself—what’s your background or story?
Hi everybody. My name is Phung Van Tai, also known as @taiphung217. I'm from Vietnam, and I recently graduated valedictorian in Information Security from the Vietnam Academy of Cryptography Techniques in early 2025. I'm about to pursue a master's degree to focus more deeply on vulnerability research. Currently, I’m working as an Application Security Engineer at OneMount Group, one of the leading technology companies in Vietnam.
I first got into technology and cybersecurity around 2022, when I was still a member of the KCSC cyber security club at my university. I'm also part of ARESx, an international CTF team where we regularly learn, research, and compete together.
Cybersecurity has been a very exciting journey for me. I enjoy learning how systems work, how they might break, and figuring out the logic behind potential vulnerabilities. I regularly play CTF with friends, and the experience helps me apply practical knowledge in both my job and research.
How did you first get into AI/ML bug bounty hunting?
I first came across huntr in 2023, back when it was more focused on traditional open-source bounty and CVEs, before the AI/ML direction became a focus. Those were probably the best days to hunt general vulnerabilities, but I only started focusing seriously on AI/ML targets about five months ago.
Since then, after months of research and many late nights, I was able to move from being new on the platform to ranking #1 on the quarterly leaderboard. There’s still a long way to go for the all-time board.
The growth of platforms like ChatGPT sparked my interest in AI/ML security. At that time, there weren’t many CVEs in this area, and I saw it as a chance to explore something still quite new. I started looking into systems like Transformers, Ollama, PyTorch, and TensorFlow, which I also use in my work and studies.
I enjoy the challenge and the thinking process. I often choose difficult targets and set monthly goals for myself. I also regularly study PoCs and past reports from other researchers to expand my perspective.
What’s your general approach when hunting for vulnerabilities?
I think choosing the right target is one of the most important steps. I usually split my workflow into manual and automated testing.
On the manual side, I spend a lot of time reading documentation carefully to understand how a system works, looking for edge cases and logic errors that could be exploited. For automation, tools like Joern and AFL++ help a lot. But more often, I prefer to study existing 1-day vulnerabilities from past reports on the same project. I analyze them, understand the context, and see if similar issues exist elsewhere in the codebase. This approach often leads to discovering new variants or deeper flaws.
I focus mainly on high-impact vulnerabilities such as Remote Code Execution (RCE), Denial of Service (DoS), sandbox bypasses, and arbitrary file read/write. I’m not trying to find the most bugs—I aim to find meaningful, difficult vulnerabilities in important systems.
For example, I recently worked on MLflow. I studied reports from top researchers like @zpbrent, @haxatron, and @kevin-mizu, whom I truly admire. After about three days, I found a path traversal bug. Instead of reporting it right away, I kept going, and after two more days of work, I managed to escalate it to arbitrary file write and eventually to RCE through a file-writing feature. That five-day effort really taught me a lot and reinforced my goal of always aiming for RCE-level impact when possible.
How did you come across huntr, and what’s your experience been like so far?
I discovered huntr through posts on X (Twitter) while I was still submitting vulnerabilities through GitHub Advisories or MITRE.
I was really glad to find a platform that allowed me to submit bugs, earn bounties, get CVEs, and directly collaborate with maintainers—all in one place. Since then, I’ve transitioned most of my submissions to huntr instead of creating GitHub security tickets.
The workflow with maintainers is smoother and faster on huntr, which I really appreciate. From what I can tell, huntr might be the first platform to seriously support AI/ML vulnerability reporting, and now they’ve even started accepting Model File Format bugs—which is great. I haven’t found a vulnerability in that area yet, but I’m actively exploring it.
Honestly, I still consider myself new here. But what’s helped me is persistence and picking hard, high-impact targets. They take more time to understand and exploit, but the reward is both in learning and in contribution.
After just five months of consistent effort, I managed to reach the top of the quarterly leaderboard, so I truly believe that anyone can do it if they’re patient, curious, and keep trying.
Thanks for reading—I'm taiphung217, see you around!
Join the hunt
Hungry to follow Tai’s path? Grab our MFV Beginner’s Guide, spin up those test environments, and aim your focus at high-impact AI/ML targets. Whether you’re chasing your first CVE or your tenth RCE, huntr has the bounties, the community, and the tooling to back you up. Happy hunting!