// ai-augmented offensive security
KNOX
Vibe hacker. I break web apps, APIs, and the AI systems built on top of them — and I bring AI to the hunt.
- bug bounty
- red team
- llm security
- recon & automation
about
I’m Knox — an independent offensive security researcher and bug bounty hunter. I find and responsibly disclose vulnerabilities in web applications, APIs, and the AI/LLM systems teams are racing to ship.
My edge is AI-augmented hunting: I pair deep manual testing with models and custom automation to map attack surface fast, chain subtle logic flaws into real impact, and turn noise into a handful of high-signal, reproducible reports.
> status: available for select private programs, collaboration & AI security research.
arsenal
- 01 AI / LLM security: Prompt injection, jailbreaks, insecure tool & agent use, data exfiltration, and ML supply-chain risk.
- 02 Web application security: OWASP Top 10, authn/authz flaws, and business-logic abuse chained into high-impact bugs.
- 03 API & GraphQL: Broken object/function-level authorization, mass assignment, and introspection abuse.
- 04 Recon & automation: Asset & content discovery and AI-driven tooling to scale coverage across huge scopes.
- 05 Source & SAST review: Reading code to locate sinks, auth gaps, and unsafe deserialization before they ship.
- 06 Cloud & infra: Misconfigurations, exposed services, secrets handling, and identity-boundary testing.