The Problem

Bounties and contests are becoming a popular way to test AI agents against prompt injections. In web2, platforms like GraySwan AI propose jailbreaking contests to users, offering different targets ("extract user personal data" etc). GraySwan offer prizes based on the severity of the vulnerability (like Cantina is doing for smart contract security).

In web3, platforms like Freysa, crack.fun and Jailbreak.me have gamified the prompt injection experience, offering users the opportunity to break AI models in exchange for tokens (sending prompts costs).

We believe that this format can work very well, but it is limited:

• on one hand, they work only for manual testing. If a security researcher has built an API based attack (like we are doing at HackAgent), there is no simple way to test these against the model
• on the other hand, they are not really putting in contact agents in need for security with attackers. The bounties are indeed sponsored by the platform themselves, that use bounties to collect prompt injections and enlarge their IP.

The opportunity

As part of our AI security product, we have built Hackagent Bounty, a bounty platform that allows anyone to get its own agent stress test by security researchers.
AI builders can create an endpoint for the tests and set goals (like "bypass content moderation filters"). AI security researcher can try to break these agents / models manually or via API. An LLM judge evaluates the breaches and a leaderboard of top developers is created.

Where does x402 fit in

We used x402 to have security researchers pay to call the models (and avoid spam), while in the same time increasing the bounties pot.

The team

We have already built hackagent (https://security.vista-labs.ai/) , an open source framework to stress test AI agents.