👉 Subscribe:

Subscribe now

What I will (and won’t) publish

• ✅ Learning Notes: Key takeaways from worthwhile papers/projects/articles and my transferable reasoning.

• ✅ Dev Reflections: Design trade-offs, parameter choices, costs, and pitfalls while building my AI security automation testing framework.

• ✅ Discovery Ideas: How to identify testable starting points and minimal validation paths across MLSys, open-source models/frameworks, mainstream products & plugins, and multimodal/agent systems.

• ❌ Won’t disclose: Any reproducible exploit details, unpatched risks, or information involving private or production data.

Challenge Goals

• Produce 100 high-quality vulnerability reports.

• Cumulative bounty target: $50,000 (subject to platform/vendor confirmation).

• ≥2 hours of hands-on work per day, with weekly reviews and monthly summaries.

• Release a public (abstracted) version of the AIPwn methodology + automation toolchain.

Challenge Scope

This challenge centers on AIPwn (vulnerability discovery in AI systems) and covers:

1) Vulnerability Types

Prompt Injection | Jailbreak | Data Leakage | Denial of Service | Model Inversion | Multimodal adversarial issues and other emerging categories

2) Target Systems

• Models & Frameworks: Major LLMs (including open-source), RAG/retrieval pipelines, plugins, and tool interfaces.

• Products & Ecosystem: Popular AI products and open-source projects; multimodal systems (image/audio/video/tool calls); multi-agent/agent systems.

3) Methodology

• Develop an AI security automation testing toolkit.

Why this challenge?

AI security matters more than ever. Through this challenge, I hope to:

• Strengthen my professional capabilities in AI security.

• Contribute to the safety of AI products.

• Explore a systematic approach to AI vulnerability research.

• Promote responsible disclosure in AI security.

I’ll share progress regularly on Zhihu and AIPwn. If you’re interested in AI security, let’s connect and discuss!

About the Author

I’m a researcher passionate about AI security, focusing on the area for 8 years, with 10+ years of machine learning/NLP R&D experience. I hope this challenge not only sharpens my skills but also contributes to the AI security community.

I’ll be syncing my research experiences and findings through AIPwn.org as they happen, so feel free to follow along if you’re interested.

Model Security in the LLM Era

Last month, I gave a talk on model security for a big company. Below are a few screenshots from the slides I used at the time. The link to the slides is at the end—feel free to reach out and discuss!

Slides link: LLM时代的模型安全

What AI Bounty Focuses On

I’m still in the learning phase right now and plan to cover all the basics. Currently, very few vendors accept AI vulnerabilities, so the most promising starting point is likely AI infrastructure.

Of course, I’ll also dive into some of the latest topics, like Agent security (which I covered in the slides above) and the recently trending MCP protocol security.

This year is being called the "Year of Agents," so a lot of my effort will go into exploring the expanded attack surface of Agents.

I’ll also be working on some open-source projects related to AI security, which I’ll share via AIPwn.org when the time comes.

Hopefully, in 2025, we all come away with something valuable.

My X: pxiaoer

When embarking on a bug bounty journey, it's best to start by carefully reading the relevant documentation, especially the Program details, which include things you must understand. Treat this as information gathering, read it several times, and form a profile with much of the content.

OpenAI's bug bounty program is hosted on Bugcrowd, link: https://bugcrowd.com/openai

Read more