Episode 162: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joseph sit down with HackerOne Founder & CTO Alex Rice to discuss concerns of Using Hacker Data for AI and decreasing bounties.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ ====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26https://ztw.com/Today’s Guest: https://x.com/senorarroz====== This Week in Bug Bounty ======XML external entity: The ultimate Bug Bounty guide to exploiting XXE vulnerabilitieshttps://www.yeswehack.com/learn-bug-bounty/xml-external-entity-guide-xxe?utm_source=Critical_Thinking&utm_medium=Youtube&utm_campaign=XXE_Critical_Thinking&utm_id=XXE_CTBug Bounty Maturity Frameworkhttps://bugbountymaturity.com/====== Resources ======Confidential Information and Confidentiality Obligationshttps://www.hackerone.com/terms/general#:~:text=HackerOne%20may%20use%20Confidential%20Information%20to%20develop%20and/or%20improve%20its%20Services%20(for%20example%2C%20to%20identify%20trends%2C%20and%20to%20train%20AI%20models)%20provided%20such%20use%20does%20not%20result%20in%20disclosure%20of%20Confidential%20Information%20to%20unauthorized%20third%20partiesOwnership and Licenseshttps://www.hackerone.com/terms/community#:~:text=8.%20Ownership%20and%20LicensesI argued with an AI regarding HackerOne using Hacker reports to train PtaaShttps://bugbounty.forum/post/183ff0fc-eb9e-47f8-991d-c0aa5b0bba71HackerOne PTaaS (likely training their AI on private reports data)https://www.reddit.com/r/bugbounty/comments/1r5hixk/hackerone_ptaas_likely_training_their_ai_on/What Makes Agentic PTaaS Different in Real Environmentshttps://www.hackerone.com/blog/agentic-penetration-testing-as-a-service#:~:text=Our%20agents%20are,real%20enterprise%20constraints====== Timestamps ======(00:00:00) Introduction(00:08:44) HackerOne AI Terms of Service (00:24:56) Agentic PTaaS(00:38:09) Selling data(00:43:49) Decrease in Bounties