Designing and Participating in AI Bug Bounty Programs

Explore advanced AI security vulnerabilities and bug bounty strategies in this comprehensive conference talk from DEF CON 33. Dive deep into real-world AI attack vectors including adversarial prompts, indirect prompt injection, context poisoning, and RAG (Retrieval-Augmented Generation) manipulation techniques. Learn why conventional security defenses frequently fail against AI-specific threats and discover actionable methodologies for identifying high-impact vulnerabilities in AI systems. Master practical approaches for uncovering unique AI flaws that traditional security testing might miss, and develop skills for effectively communicating the severity and business impact of discovered vulnerabilities to organizations. Gain fresh attack perspectives, strategic frameworks for AI security research, and proven techniques for maximizing earnings in AI-focused bug bounty programs through hands-on technical demonstrations and expert insights from experienced security researchers.