I'm Ibrahim AH, an AI engineer and bug bounty hunter. I started studying IT in 2019 at university and specialized in the AI domain in 2023. In my free time, I began learning about bug bounty in 2022 as a part-time pursuit. After approximately six months, I found my first valid vulnerability in a private program and received a $250 bounty — my first bounty.
Today, I would like to talk about my experience with AI tools.
I started using AI tools around 2023, and it was an amazing experience. They helped me complete my university projects faster and better understand vulnerabilities. Yes, this was the era of LLMs (Large Language Models), which became significantly better at understanding human language and responding with appropriate answers. During that period, the most popular model was ChatGPT (GPT-3.5).
Now, without further ado, let's dive in.
While browsing my X account, I found this tweet:

As you can see, it was a challenge to spot the XSS vulnerability. Immediately, I grabbed my coffee and started trying to solve the lab. After a few hours, I successfully bypassed the filters and triggered an alert.

It was an amazing challenge! I highly recommend going to the tweet and trying to solve it.
Then I thought: why not give this code to ChatGPT and ask it to bypass the filters and provide the exact payload to trigger XSS?
I started with this prompt:

The response was good. It was able to analyze the code and understand the logic.

However, it wasn't able to provide the correct payload:

I said, "Okay, this is the first attempt. Let's go deeper."

As you can see, GPT understood the concept of the code and how the pipeline worked. However, it still couldn't generate the correct payload:

On the third attempt, I provided a more detailed prompt (with a bit of roasting 😂), and the response was:


I didn't continue the full conversation because I didn't want the article to become too long and boring. However, after giving it some hints, GPT eventually provided a near-correct payload — but it still required manual adjustments to work.
So what did we learn from this story?
I'm not here to mock AI — quite the opposite. AI has revolutionized our time and transformed the job market.
But here's the important lesson:
If you don't have enough knowledge about what you're doing, AI won't benefit you much.
The real formula is:
Your skills + AI = the best version of you.
That's all for now. I hope you found this article helpful. This is my first write-up, so I apologize for any confusion. I hope my future articles will be even better.
Thank you!