July 9, 2026

Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission

Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission
Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission
Critical Thinking - Bug Bounty Podcast
Episode 182: Partial Auth, Hackbot GraphQL, and AI's #1 Mission
Apple Podcasts podcast player badge
Spotify podcast player badge
Castro podcast player badge
RSS Feed podcast player badge
YouTube podcast player badge
Apple Podcasts podcast player iconSpotify podcast player iconCastro podcast player iconRSS Feed podcast player iconYouTube podcast player icon

Episode 182: In this episode of Critical Thinking - Bug Bounty Podcast we talk about some recent bugs involving WPM, MCP, and a possible emerging bug class using Wayback. We also talk about some GraphQL Hackbot finds, and what AI’s #1 mission should be.


Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!



====== Links ======

Follow your hosts Rhynorater, rez0 and gr3pme on X:

https://x.com/Rhynorater

https://x.com/rez0__

https://x.com/gr3pme


Critical Research Lab:

https://lab.ctbb.show/


Need a Pentest? We just launched CTBB Pentests!

https://pentest.ctbb.show/


Hack full time? Check out the Full-Time Hunter’s Guild!

https://ctbb.show/fthg


====== Ways to Support CTBBPodcast ======

Hop on the CTBB Discord at https://ctbb.show/discord!


We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.


You can also find some hacker swag at https://ctbb.show/merch!


====== This Week in Bug Bounty ======

LeHack 2026 Recap

https://event.yeswehack.com/events/lehack-2026


Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits

https://www.yeswehack.com/fr/news/chocopocs-vulnerability-researchers-trojanised-exploits


Navigating the AI Wave: How We're Keeping Security Research Meaningful

https://www.hackerone.com/blog/ai-driven-report-volume-insights-and-actions


====== Resources ======

Caido Skills

https://github.com/caido/skills/pull/22


Hunting For AWS Cognito Security

Misconfigurations

https://www.yassineaboukir.com/talks/NahamConEU2022.pdf


X MCP

https://docs.x.com/tools/mcp


US South Summer Sessions: Hack the Heat

https://h1.community/events/details/hackerone-us-south-hackerone-club-presents-us-south-summer-sessions-hack-the-heat/


====== Timestamps ======

(00:00:00) Introduction

(00:08:31) WPM Bug & Wayback to Guest Bearer

(00:18:42) GraphQL Hackbot Finds, Fable Updates, & AI's #1 Mission

(00:29:45) MCP, US South H1 Event, & AI Sandbox Escapes