@j404

Finding 0days with AI

Jan 26 · 21 min read · For decades, many bug hunters and security pros have used manual testing, static analysis, and fuzzing to find vulnerabilities. Enter the age of AI. Many are skeptical, but when I look around I see mo

AwesomeBot meets MCP

Jan 23 · 3 min read · Intro AwesomeBot is an awesome AI Chatbot! It was vibe coded from scratch to have a ton of awesome features without much security in mind so various attacks and offensive methods can be demonstrated. Today, AwesomeBot meets MCP. What happens next? Le...

How System Prompts Are Leaked

Jan 20 · 8 min read · Hundreds of system prompt leaks and jailbreaks of models over the past few years have been extracted and disclosed publicly in various blogs, posts and repos. Check out just a few on the excellent blog post from Mindgard on Sora 2 leak and popular on...

AwesomeBot meets Prompt Injection

Jan 14 · 7 min read · Intro AwesomeBot is an awesome AI Chatbot! It was vibe coded from scratch to have a ton of awesome features without much security in mind so various attacks and offensive methods can be demonstrated. This series of blog posts serves as a way to under...

LibreChat MCP Stdio Remote Command Execution

Jan 10 · 4 min read · Summary LibreChat's Model Context Protocol (MCP) implementation contained a critical vulnerability (CVE-2026-22252) that allowed any authenticated user to gain root-level remote code execution (RCE) within the Docker container. A single API request c...