
Cybersecurity Researcher Discovers $3,000 AI-Related Vulnerability in Bug Bounty Program
The video documents a cybersecurity researcher's discovery of a $3,000 AI-related vulnerability in a real bug bounty program, although the report turned out to be a duplicate: another researcher had reported the same issue five days earlier. The flaw involved a chatbot with access to sensitive user data (PII such as names, emails, and addresses) and a built-in tool capable of making outbound HTTP requests to external URLs.

The researcher exploited this by injecting a prompt into a trusted knowledge base, effectively performing a "watering hole" attack in which the AI automatically exfiltrated data to an attacker-controlled server whenever users interacted with the poisoned resource. Techniques included bypassing markdown restrictions by embedding data in subdomains or query parameters, and leveraging the chatbot's "fetch URL" function to transmit stolen information. The demonstration used a free lab environment called ShopMate on Hacker101 to simulate the attack, showing how unauthorized data access could scale across multiple users without direct interaction.

Key takeaways emphasized that AI features in applications often introduce overlooked attack surfaces, as they inherit existing data vulnerabilities while adding new risks like automated data exfiltration. The researcher highlighted the growing prevalence of AI integrations in bug bounty targets and encouraged testing these components despite their perceived complexity.
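From the defender's side, the exfiltration path described above depends on the chatbot's fetch tool accepting any URL. The following is an added example, not code from the video or the lab: a pre-flight check for tool calls that enforces a host allowlist and flags session PII appearing in the hostname or query string, including hex, base64 and base32 forms. The host names, PII values and function names are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# Assumption: the only host the assistant's fetch tool ever needs to reach.
ALLOWED_HOSTS = {"docs.shop.example"}
MIN_LEN = 6  # ignore very short values to limit false positives


def normalise(text):
    """Lowercase and drop separators so 'a.b-c' and 'a b c' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def needles(value):
    """Plain, hex, base64 and base32 forms of one PII value, normalised."""
    raw = value.encode()
    forms = {value, raw.hex(), base64.b64encode(raw).decode(),
             base64.urlsafe_b64encode(raw).decode(),
             base64.b32encode(raw).decode()}
    return {n for n in map(normalise, forms) if len(n) >= MIN_LEN}


def check_fetch(url, session_pii):
    """Return the policy violations for one tool call (empty list = allow)."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    reasons = []
    if host not in ALLOWED_HOSTS:
        reasons.append("host-not-allowlisted")
    # Search the whole decoded URL, so subdomains, paths and query
    # parameters are all covered by the same comparison.
    haystack = normalise(unquote(url))
    if any(n in haystack for v in session_pii for n in needles(v)):
        reasons.append("pii-in-url")
    return reasons


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    pii = ["alice@example.test", "Alice Example"]
    for url in ("https://docs.shop.example/returns-policy",
                "https://collector.example.net/?e=alice%40example.test",
                "https://docs.shop.example/search?q=Alice+Example"):
        print(check_fetch(url, pii) or "allow", url)
```

The allowlist is the primary control; the PII match is a detection signal worth logging even for allowlisted hosts, since it shows the model was steered into placing user data in a URL.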