Critical Thinking Bug Bounty flags AI exploits

- Critical Thinking Bug Bounty Podcast published episode 175 on May 20, outlining AI app security risks including prompt injection, CSPT issues and Claude access changes.
- The hosts highlighted “wormable” query-parameter prompt injections tied to GitHub-connected AI apps and cited 325 GitHub Security reports with $2,367 in April bounties.
- The episode page and CTBB’s May 20 X post point readers to linked exploit demos, advisory threads and follow-up discussion.

Critical Thinking Bug Bounty Podcast used its May 20 episode to focus on security failures in AI apps that connect language models to external tools, code repositories and client software. In episode 175, the hosts said they were discussing prompt-injection risks, client-side path traversal, or CSPT, in mobile and desktop software, and changes around Anthropic’s Claude access. The show’s X account published a post the same day linking to the episode and a set of related demonstrations and advisory threads.

The podcast is hosted by Justin Gardner, who uses the handle Rhynorater, Joseph Thacker, who uses rez0, and Brandyn Murtagh, who uses gr3pme, according to the show’s public listings. A YouTube listing for episode 175 describes the installment as “Rhyno’s Hackbot Setup, Sick Bugs, and ZDI Drama,” and says the hosts compared hackbot setups and discussed recent Zero Day Initiative, or ZDI, developments. The social post cited in the source briefing added that the episode also covered AI-app exploits and Anthropic-related access changes. (youtube.com)

### What did the hosts say was the most serious AI-app pattern?

The May 20 social post from Critical Thinking Bug Bounty said the episode flagged “wormable query parameter prompt injections” in AI apps with GitHub connectors. The risk described in the briefing is that an attacker can place malicious instructions in data an AI system treats as input, and that the connected agent can then modify repositories that auto-deploy changes. (castamatic.com)

Microsoft said on May 7 that prompt injection in agent frameworks can be converted into remote code execution when an agent interprets a prompt, selects a tool and passes parameters into code. Cybernews reported last month that researchers had hijacked AI agents integrated with GitHub by using prompt-injection techniques to steal secrets and tokens.
Those reports do not describe the CTBB example directly, but they document the broader class of attack the podcast said it was discussing. (youtube.com)

### Where did the GitHub numbers come from?

The CTBB post cited 325 GitHub Security reports and $2,367 in April bounties. The source briefing attributes those figures to links included with the episode post, though the exact underlying GitHub page was not surfaced in search results reviewed for this article. GitHub’s public security pages show that the company operates a bug bounty program and publishes security research and advisory material, but the April tally cited by CTBB appears to come from a narrower source linked from the post rather than a broad GitHub blog summary. (microsoft.com)

GitHub said in an April 28 blog post about a critical remote code execution flaw that it had received the report through its bug bounty program on March 4. That post is separate from the 325-report and $2,367 figures, but it shows GitHub continuing to process vulnerability submissions through the same program CTBB referenced. (bounty.github.com)

### What is CSPT, and why was it in the episode?

The CTBB post said the episode also discussed CSPT vulnerabilities in mobile apps and desktop clients. CSPT commonly refers to client-side path traversal, a class of bug in which attacker-controlled path input can cause a client application to access unintended local or remote resources. The episode post linked advisory material and exploit threads, according to the source briefing, though those individual links were not all visible in open search results. (github.blog)

The podcast’s framing put CSPT alongside prompt injection rather than as a separate topic area, suggesting the hosts were grouping together bugs that emerge when modern clients and AI tools accept untrusted input and then act on it. That characterization is an inference from the episode description and social post, not a direct quote from the hosts.
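To make the CSPT definition above concrete, here is an added example that is not from the podcast, the article, or any project they mention: a web client that builds an API request path from a query parameter, the same builder hardened with an allowlist and a base-prefix check, and a helper that flags traversal-looking parameter values for logging. The base URL, identifiers and function names are constructed for illustration.

```javascript
// Added example (not from the podcast or any project it mentions): how a
// client-side path traversal (CSPT) arises when a web client concatenates an
// attacker-controlled query parameter into a request path, and one way a
// defender can block and detect it. All names and URLs are hypothetical.

const API_BASE = "https://app.example/api/v1/reports/"; // constructed sample

// Vulnerable pattern: the id from ?report=... goes straight into the path, so
// "../" segments walk the request out of the /reports/ collection.
function buildReportUrlUnsafe(reportId) {
  return new URL(API_BASE + reportId).href;
}

// Hardened pattern: allowlist the id's shape, encode it as a single path
// segment, then verify the URL the browser would resolve still sits under the
// intended base prefix (defence in depth if the allowlist is ever loosened).
function buildReportUrlSafe(reportId) {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(reportId)) {
    return null; // reject anything that is not a plain identifier
  }
  const resolved = new URL(encodeURIComponent(reportId), API_BASE);
  if (!resolved.href.startsWith(API_BASE)) {
    return null; // never leave the reports collection
  }
  return resolved.href;
}

// Detection helper: after URL-decoding, does the raw value contain a ".."
// segment, a scheme prefix, or a protocol-relative "//" host switch? Suitable
// for client-side telemetry or a proxy rule that flags suspicious parameters.
function looksLikeTraversal(rawId) {
  let decoded = rawId;
  try { decoded = decodeURIComponent(rawId); } catch (_) { /* keep raw */ }
  return /(^|[\\/])\.\.([\\/]|$)|^[a-z][a-z0-9+.-]*:|^\/\//i.test(decoded);
}
```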
### What changed around Claude access?

Anthropic said on May 6 that it had raised usage limits for Claude Code and the Claude API after signing a compute partnership with SpaceX. (youtube.com) Independent reports in April said Anthropic had also tested removing Claude Code access from some new $20 Pro-plan signups, with access shifting toward higher-priced Max tiers, though Anthropic’s official May announcements focused on higher limits rather than that pricing test.

The CTBB post said episode 175 discussed “Claude -p access changes.” Public Anthropic materials reviewed in search did not surface a matching official note using that exact phrasing, so the article cannot independently verify the precise internal or command-line change the hosts were referring to. What is verifiable is that Claude Code access and usage policies were changing during the same period. (anthropic.com)

### Where can readers check the underlying material?

Critical Thinking Bug Bounty’s May 20 X post remains the clearest public index for the story because it points to episode 175 and the linked exploit demonstrations and advisory threads referenced by the hosts. The show’s YouTube channel also lists episode 175 and identifies the hosts and episode timing. Anthropic’s May 6 announcement and GitHub’s public security pages provide the official company material closest to the access and bug-bounty references discussed in the episode. (anthropic.com) (youtube.com)
