Hello everyone, I’m pxiaoer from AIPwn.org. I’m launching a 100-day AIPwn bug-hunting challenge. From 2025/09/23 to 2026/01/01, I will devote ≥2 hours every day to AI security practice, and continuously publish learning notes, dev reflections, and discovery ideas in the AIBounty column (no reproducible exploit details will be shared).
👉 Subscribe:
What I will (and won’t) publish
✅ Learning Notes: Key takeaways from worthwhile papers/projects/articles and my transferable reasoning.
✅ Dev Reflections: Design trade-offs, parameter choices, costs, and pitfalls while building my AI security automation testing framework.
✅ Discovery Ideas: How to identify testable starting points and minimal validation paths across MLSys, open-source models/frameworks, mainstream products & plugins, and multimodal/agent systems.
❌ Won’t disclose: Any reproducible exploit details, unpatched risks, or information involving private or production data.
Challenge Goals
Produce 100 high-quality vulnerability reports.
Cumulative bounty target: $50,000 (subject to platform/vendor confirmation).
≥2 hours of hands-on work per day, with weekly reviews and monthly summaries.
Release a public (abstracted) version of the AIPwn methodology + automation toolchain.
Challenge Scope
This challenge centers on AIPwn (vulnerability discovery in AI systems) and covers:
1) Vulnerability Types
Prompt Injection | Jailbreak | Data Leakage | Denial of Service | Model Inversion | Multimodal adversarial issues and other emerging categories
2) Target Systems
Models & Frameworks: Major LLMs (including open-source), RAG/retrieval pipelines, plugins, and tool interfaces.
Products & Ecosystem: Popular AI products and open-source projects; multimodal systems (image/audio/video/tool calls); multi-agent/agent systems.
3) Methodology
Develop an AI security automation testing toolkit.
Why this challenge?
AI security matters more than ever. Through this challenge, I hope to:
Strengthen my professional capabilities in AI security.
Contribute to the safety of AI products.
Explore a systematic approach to AI vulnerability research.
Promote responsible disclosure in AI security.
I’ll share progress regularly on Zhihu and AIPwn. If you’re interested in AI security, let’s connect and discuss!
About the Author
I’m a researcher passionate about AI security, focusing on the area for 8 years, with 10+ years of machine learning/NLP R&D experience. I hope this challenge not only sharpens my skills but also contributes to the AI security community.