The post argues that prompt injection should not be viewed as a standalone vulnerability but rather as a delivery mechanism for potential vulnerabilities in AI systems. The author discusses various examples of how prompt injection...
About:
Joseph Thacker is a Solo Founder and Bug Bounty Hunter specializing in application security and AI, with interests in hacking and ai-art.
Website:
Specializations:
Interests:
Incoming Links:
Outgoing Links:
Subscribe to RSS:
A security flaw in Bondu's AI children's toys exposed sensitive data, prompting a discussion on the risks of smart devices for kids and the importance of robust security measures.
The post discusses the concept of 'AI Comprehension Gaps,' which refers to the discrepancies between human understanding and AI interpretation of information. It highlights five examples of these gaps, including invisible Unicode ...
AI tools like Claude Code are revolutionizing bug bounty hunting by enhancing vulnerability detection, but human expertise remains essential for effective triage and decision-making.
The article discusses the oversight in AI safety measures regarding child users. It highlights that current AI models are primarily tuned for adult users, leading to inappropriate responses for children. The author emphasizes the ...
The blog post discusses a technique called 'Metanarrative Prompt Injection,' which involves directly addressing AI systems to influence their behavior. The author provides examples of this technique in action, including its use in...
The blog post discusses the importance of having short domains for XSS payloads in bug bounty hunting. The author shares their experience of spending a day searching for a suitable domain, detailing the significance of ASCII and U...
Joseph Thacker highlights the insights from Daniel Miessler's book 'The Real Internet of Things,' emphasizing its accurate predictions about the evolution of technology, particularly the shift from humans adapting to technology to...
AI's rise will democratize software creation, increase bug submissions this year, but may ultimately challenge the bug bounty landscape as companies adopt AI for internal testing.
3.1Words I Live By
2026-01-12 • prayer christianity bible faith liturgy
A personal liturgy of favorite Bible verses rephrased in the first person aims to deepen the reader's connection to faith and scripture.
The text discusses the potential impact of AI on bug bounty programs, predicting a gradual shift towards automation but emphasizing the ongoing need for human hackers. It also highlights the increasing demand for talented hackers ...
The post discusses the concept of 'Root For Your Friends' and how it can improve one's career, happiness, and relationships. It emphasizes the importance of supporting friends and the positive impact it can have on everyone involv...
The author discusses how they reverse engineered the Granola API to get their notes into Obsidian, including the steps they took and the Python script they used to accomplish this.
0Introducing the Glazing Score 🍩
2025-04-30 • language models sycophancy ai
The Glazing Score is a new AI Benchmark designed to test language models for sycophancy. It aims to evaluate a model's tendency to validate irrational beliefs, mirror conspiratorial thinking, and avoid pushback on the user. The im...
The post discusses how to maximize happiness and satisfaction at a meta level by aligning actions with beliefs, focusing on longevity, perception, and circumstances. It emphasizes the importance of knowing, wanting, and doing to o...
0High Agency Hacking
2025-03-28 • cybersecurity hacking bug bounty high agency
The essay 'High Agency' by George Mack explores the concept of high agency in bug bounty, emphasizing the importance of navigating the process with a high agency mindset. It provides tips on how to increase scope, request addition...
Joseph Thacker introduces guided-capture, a Python package that automates structured interviews using AI to gather the right context for AI applications. The package uses LLMs to conduct goal-oriented interviews, generates relevan...
The text is a comprehensive guide to hacking AI applications, covering topics such as understanding current AI models, getting comfortable using LLMs, and AI attack scenarios. It also discusses prompt injection, AI app responsibil...
0Shift: AI-Powered Hacking
2025-01-04 • web development automation hacking
Shift is an AI-powered plugin for Caido, the web proxy, designed to transform the hacking process by automating actions and simplifying complex tasks. It offers customization and flexibility, saving time for users. The creators, J...
The post discusses the concept of profession-based AI dashboards, providing examples of prompts for different professions and explaining the benefits of the idea.
The text discusses the concept of a 'data wall' with LLMs and argues that the issue is not a lack of training data, but rather the nature of the questions being asked. The author suggests that the next big leap in AI will be in ag...
0Internal Monologue Capture
2024-08-01 • technology internal monologue
The text discusses the concept of internal monologue capture for AI applications, using the example of hacking and content discovery. It emphasizes the importance of capturing the thought process of experts to improve AI capabilit...
Claude 3.5 Sonnet is a new AI model that is fast, cost-effective, and advanced, making it suitable for a wide range of applications. It can be used as a hacking assistant with the right jailbreak prompt, providing ideas and payloa...
The text discusses the risks associated with AI, particularly in terms of alignment, safety, and security. It highlights the potential dangers of generative AI and the need for more nuanced discussions around AI safety. The author...