Partial Auth, Hackbot GraphQL, and AI's #1 Mission (Ep. 182)

Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be. Follow us on twitter at: https://x.com/ctbbpodcast Got any ideas and suggestions? Feel free to send us any feedback here: [email protected] Shoutout to YTCracker for the awesome intro music! ====== Links ====== Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynorater https://x.com/rez0__ https://x.com/gr3pme Critical Research Lab: https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests! https://pentest.ctbb.show/ Hack full time? Check out the Full-Time Hunter’s Guild! https://ctbb.show/fthg ====== Ways to Support CTBBPodcast ====== Hop on the CTBB Discord at https://ctbb.show/discord! We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc. You can also find some hacker swag at https://ctbb.show/merch! ====== This Week in Bug Bounty ====== LeHack 2026 Recap https://event.yeswehack.com/events/le... Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits https://www.yeswehack.com/fr/news/cho... Navigating the AI Wave: How We're Keeping Security Research Meaningful https://www.hackerone.com/blog/ai-dri... ====== Resources ====== Caido Skills https://github.com/caido/skills/pull/22 Hunting For AWS Cognito Security Misconfigurations https://www.yassineaboukir.com/talks/... X MCP https://docs.x.com/tools/mcp US South Summer Sessions: Hack the Heat https://h1.community/events/details/h... ====== Timestamps ====== (00:00:00) Introduction (00:08:31) WPM Bug & Wayback to Guest Bearer (00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission (00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes