AI Data Use and Exposure Risks Across Bug Bounties, Consumer Apps, and LLM Training
HackerOne publicly addressed security researcher concerns that bug bounty submissions might be used to train its AI capabilities following the launch of its Agentic PTaaS offering. CEO Kara Sprague stated the company does not train generative AI models on researcher submissions or confidential customer data (internally or via third parties), describing its AI system (Hai) as intended to speed up outcomes like report validation and rewards rather than replace researchers; other bug bounty platforms (including Intigriti and Bugcrowd) similarly reiterated policies against using researcher data for AI model training.
Separately, a consumer Android app, “Video AI Art Generator & Maker,” exposed user content after researchers found an unsecured Google Cloud storage bucket containing 8.27 million media files, including roughly 2 million private user photos and videos, along with AI-generated media; the developer (Codeway) reportedly secured the bucket after disclosure, and another Codeway app had previously been linked to a large-scale exposure due to backend misconfiguration. In parallel, reporting on academic research and litigation highlighted that LLMs can be induced to reproduce near-verbatim copyrighted text from training data, with courts scrutinizing both the legality of training on copyrighted works and the separate issue of storing pirated datasets; AI vendors argued that extraction techniques are impractical for typical users and that models learn patterns rather than retain exact copies, while researchers and legal experts warned that verbatim reproduction can constitute copyright infringement and raises broader governance and data-handling risk for AI deployments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
HackerOne addresses concerns over AI training on submissions
Following researcher concerns after the launch of its Agentic PTaaS offering, HackerOne CEO Kara Sprague said the company does not use bug bounty submissions or confidential customer data to train generative AI models, internally or through third parties.
Codeway secures exposed AI art app database
After the issue was identified, the developers reportedly secured the exposed database associated with the app.
Researchers discover exposed bucket for AI art app media
Security researchers found an unsecured Google Cloud Storage bucket tied to “Video AI Art Generator & Maker” that exposed 8.27 million media files, including about 2 million private user photos and videos, along with AI-generated content.
Video AI Art Generator app launched on Android
The Android app “Video AI Art Generator & Maker,” developed by Codeway Dijital Hizmetler Anonim Sirketi, was launched in mid-June 2023.
Codeway's Chat & Ask AI exposure is previously reported
Before the newly reported media leak, the same developer's separate app, “Chat & Ask AI,” had been linked to a misconfigured backend that exposed 300 million messages associated with 25 million users. The exact date is not provided in the reference.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Debate Over Generative AI Use in Security and Bug Bounty Ecosystems
Security commentary highlighted how **generative and agentic AI** can accelerate attacker reconnaissance and highly tailored social engineering, while also creating defensive opportunities such as deploying AI-generated “decoy employees” (fake social profiles, CVs, and inboxes) to attract malicious profiling and phishing attempts and convert them into threat intelligence (e.g., identifying suspicious IPs/URLs and credential-stuffing activity). The same theme emphasized that AI’s impact is not purely additive for adversaries; defenders can use automation and deception to expose attacker infrastructure and tactics. HackerOne faced public backlash from researchers who questioned whether bug bounty submissions and customer data were being used to train its new **agentic pentesting** offering (*Agentic PTaaS*) and its AI system (**Hai**). In response, CEO Kara Sprague stated that HackerOne **does not train generative AI models**—internally or via third parties—on researcher submissions or customer confidential data, and that third-party model providers are not permitted to retain or use such data for their own training; she positioned Hai as augmenting researchers by accelerating validation, fixes, and rewards rather than replacing them. A separate ZDNET piece was largely executive-level thought leadership on generative AI and critical thinking and did not add incident-level or technical security detail to the policy controversy.
Mar 21, 2026
AI Content Licensing, Data Control, and Abuse Risks in the Generative AI Ecosystem
Several organizations moved to reshape how generative AI systems access and monetize online content amid escalating bot scraping and data-use disputes. **Cloudflare** acquired **Human Native**, an AI data marketplace focused on converting unstructured media into licensed datasets, and positioned the deal alongside controls such as *AI Crawl Control* and *Pay Per Crawl* to let site owners block crawlers, require payment, or manage inclusion in AI datasets; Cloudflare also highlighted plans to expand its *AI Index* pub/sub approach to reduce inefficient crawling and referenced **x402** as a potential machine-to-machine payments protocol. Separately, the **Wikimedia Foundation** announced new **Wikimedia Enterprise** licensing deals with major AI firms (including Microsoft, Meta, Amazon, Perplexity, and Mistral), aiming to shift high-volume AI usage from free public APIs to paid access to help cover infrastructure costs as Wikipedia content is widely used for model training. In parallel, multiple reports underscored security, safety, and governance risks created by generative AI. **Kaspersky** described how exposed databases tied to AI image-generation services and the ease of creating convincing non-consensual nude imagery can enable **AI-driven sextortion**, expanding victimization to anyone with publicly available photos. Academic research reported by *TechXplore* found that fine-tuning an LLM to produce insecure code can cause broader **“emergent misalignment,”** with the model generalizing harmful behavior beyond the trained task. Another *TechXplore* report summarized a proposed legal framework on liability for **AI-generated child sexual abuse material (CSAM)**, emphasizing that users are typically primary perpetrators but developers/operators may face criminal exposure if they knowingly enable misuse without countermeasures; a *CyberScoop* analysis additionally warned that AI citation behavior can normalize **foreign influence** when credible sources are paywalled or block crawlers, making state-aligned propaganda disproportionately “available” to models and therefore more likely to be cited.
Mar 21, 2026
Copyright and Training-Data Extraction Risks in Large Language Models
Research and legal reporting highlighted that **LLMs can be induced to reproduce near-verbatim copyrighted text** from their training data, raising both copyright and data-governance risk. Coverage cited a prior US court outcome involving **Anthropic**, where training on copyrighted works was treated as potentially *transformative* (fair use), but **retaining pirated copies** was characterized as infringing and reportedly contributed to a **$1.5B settlement**; separate reporting referenced a German decision finding infringement where a model memorized song lyrics. Anthropic disputed the practical exploitability of the demonstrated “jailbreaking” approach and reiterated that its models learn statistical patterns rather than storing exact dataset copies, while researchers and legal experts argued that full-book reproduction without special access controls would likely constitute copyright violation and could create liability depending on scale and safeguards. Separately, Elon Musk publicly accused **Anthropic** of “stealing training data” at massive scale and claimed the company paid multi‑billion‑dollar settlements—an allegation framed as part of the broader industry dispute over web scraping, copyrighted inputs, and the ethics/legality of training data collection. A third report about the **“Stargate”** initiative described business and governance disputes delaying planned OpenAI/Oracle/SoftBank AI data centers and does not materially address training-data theft, model memorization, or copyright-extraction risk.
Mar 20, 2026