Teen researcher: AI vulnerability denied, later patched without credit

2 | Author: Anh_khoa | 3 months ago
I’m 14, based in Vietnam, and in July I discovered a vulnerability that exposed the system prompt of a major AI model. I responsibly reported it via the official bug bounty program. Response: “Out of scope, just an AI issue.”

Weeks later, I checked again — the bug had been quietly patched. No acknowledgment, no credit.

If it’s “not a bug,” why fix it? And if it’s fixed, why dismiss the report?

Sharing here to hear thoughts from the security community.