Critical Thinking - Bug Bounty Podcast

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Aug 28, 2025
Dive into the fascinating world of AI-assisted code reviews, where tools like Gemini enhance workflow and bolster security. The discussion reveals lucrative bounties in AI safety research, spotlighting companies like Anthropic and OpenAI. Discover innovative cybersecurity tools such as ch.at and Slice, designed to streamline bug bounty hunting. There's even a look at clever tactics like cache deception and WAF bypassing techniques, making this a must-listen for anyone in the hacking community!
ANECDOTE

LLM Helped Find A High-Crit SDK Bug

  • Justin used Gemini CLI to analyze an SDK and found a high/critical vulnerability in under six hours.
  • The assistant flagged the vulnerable area and quickly spun up PoCs to validate the issue.
INSIGHT

Agents Multiply Recon And Automation

  • AI agents can automate repetitive recon tasks like fetching subdomains, deobfuscating JS, or generating wordlists.
  • Combining automation with scripted PoC generation significantly amplifies a hacker's productivity.
INSIGHT

AI Safety Bounties Are High Stakes

  • AI safety bug bounties now pay large rewards (up to $35k) for transferable jailbreaks and risky capabilities.
  • These programs are driving focused research into jailbreaks, prompt injection, and model safety.