BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pacifichackers.com//KNEYAQ
BEGIN:VEVENT
UID:pretalx-hackthebay-2026-KNEYAQ@cfp.pacifichackers.com
DTSTART:20260323T140000Z
DTEND:20260323T144500Z
DESCRIPTION:AI is not just changing the systems we build\, but the kinds of
  issues that show up in a bug bounty queue. As someone who triages submiss
 ions for a large public bug bounty program\, I've seen how AI related find
 ings introduce new gray areas. These issues do not always look like tradit
 ional vulnerabilities. They often sit at the intersection of model behavio
 r\, product design\, and real security impact.\n\nIn this workshop\, I'll 
 walk through how AI reports enter our bug bounty program\, how policy boun
 daries are applied in practice\, and how we evaluate whether a finding rep
 resents meaningful risk.\n\nIn the second half\, we'll get hands-on with a
  vulnerable MCP style server adapted from the open source Vulnerable MCP S
 ervers Lab. We'll reproduce a trust boundary failure\, analyze its impact\
 , and walk through how a report like this would be classified and triaged 
 inside a real bug bounty program.\n\nThis session offers a practical look 
 at how AI vulnerabilities are evaluated from the triage side and how archi
 tectural decisions determine whether an AI issue stays theoretical or beco
 mes infrastructure risk.
DTSTAMP:20260422T181758Z
LOCATION:TALKS
SUMMARY:What Happens After You Report an AI Bug: From Model Behavior to Rea
 l Impact - Ani Turner
URL:https://cfp.pacifichackers.com/hackthebay-2026/talk/KNEYAQ/
END:VEVENT
END:VCALENDAR