Resources / Blogs

Joseph Thacker (rez0)

AI Security, LLMs, and creative hacking

Joseph Thacker (rez0) logo

Joseph (rez0) is a pioneer in AI Security. His blog is the go-to resource for understanding how to hack LLM-integrated applications and the future of “AI-Powered Reconnaissance.”


Why Follow This Blog

Joseph Thacker combines active bug bounty hunting with cutting-edge AI security research. His practical approach to hacking LLM-integrated applications and his exploration of AI-powered security tools makes his blog essential reading for security professionals adapting to the AI era.

Key Topics Covered

AI & LLM Security

  • Prompt Injection: Exploiting LLM-integrated applications
  • AI Agent Attacks: Targeting autonomous AI systems
  • RAG Exploitation: Attacking Retrieval-Augmented Generation systems
  • LLM Jailbreaks: Bypassing AI safety mechanisms
  • AI-Powered Recon: Using AI for vulnerability discovery

Bug Bounty Methodology

  • Target Selection: Choosing high-value targets
  • Recon Techniques: Modern reconnaissance approaches
  • Vulnerability Chaining: Combining bugs for impact
  • Report Writing: Effective vulnerability communication

Web Application Security

  • Authentication Flaws: Login and session vulnerabilities
  • Authorization Issues: Access control bypass
  • API Security: REST and GraphQL exploitation
  • Business Logic: Application-specific vulnerabilities

Productivity & Tools

  • Automation: Streamlining security workflows
  • Tool Development: Building custom security tools
  • AI Assistants: Leveraging AI for security work
  • Efficiency Tips: Working smarter as a researcher

Visit website → · RSS feed