Teen researcher: AI bug denied, later fixed without credit

6•Anh_khoa•5mo ago

I’m 14, based in Vietnam, and in July I discovered a vulnerability that exposed the system prompt of a major AI model. I responsibly reported it via the official bug bounty program. Response: “Out of scope, just an AI issue.”

Weeks later, I checked again — the bug had been quietly patched. No acknowledgment, no credit.

If it’s “not a bug,” why fix it? And if it’s fixed, why dismiss the report?

Sharing here to hear thoughts from the security community.

Comments

thankIsrael•5mo ago

If it is fixed, you can tell us what the bug is here. If your bug is just typing a prompt, than what you probably experienced is hallucination, and the hallucination has now been rectified.

yorwba•5mo ago

"Out of scope" doesn't mean it's not a bug, it means that it's not the kind of bug they pay bounties for. You'll need to read the fine print of the bug bounty program to find out which bugs are eligible and which are out of scope.

Five disciplines discovered the same math independently – none of them knew

We Scanned an AI Assistant for Security Issues: 12,465 Vulnerabilities

Amazon no longer defend cloud customers against video patent infringement claims

Show HN: Medinilla – an OCPP compliant .NET back end (partially done)

How Does AI Distribute the Pie? Large Language Models and the Ultimatum Game

Resistance Infrastructure

Fire-juggling unicyclist caught performing on crossing

Restoring a lost 1981 Unix roguelike (protoHack) and preserving Hack 1.0.3

GPS and Time Dilation – Special and General Relativity

Show HN: Witnessd – Prove human authorship via hardware-bound jitter seals

Show HN: I built a clawdbot that texts like your crush

Scientists reverse Alzheimer's in mice and restore memory (2025)

Compiling Prolog to Forth [pdf]

Show HN: Cymatica – an experimental, meditative audiovisual app

GitBlack: Tracing America's Foundation

Horizon-LM: A RAM-Centric Architecture for LLM Training

We just ordered shawarma and fries from Cursor [video]

Correctio

Trying to make an Automated Ecologist: A first pass through the Biotime dataset

Watch Ukraine's Minigun-Firing, Drone-Hunting Turboprop in Action

Free Trial: AI Interviewer

FDA intends to take action against non-FDA-approved GLP-1 drugs

Supernote e-ink devices for writing like paper

We are QA Engineers now

Show HN: Measuring how AI agent teams improve issue resolution on SWE-Verified

Adversarial Reasoning: Multiagent World Models for Closing the Simulation Gap

Show HN: Poddley.com – Follow people, not podcasts

Layoffs Surge 118% in January – The Highest Since 2009

Papyrus 114: Homer's Iliad

DicePit – Real-time multiplayer Knucklebones in the browser