# Target Discovery Briefing — 2026-02-12

## Source
- huntr.com bounties page (primary)
- bounty-targets-data repo for HackerOne scope reference

## Summary
12 targets identified from huntr. All AI/ML focused, $500-$1500 bounty range.

## Top Picks (scan priority)

| # | Program | Lang | Bounty | Attack Surface |
|---|---------|------|--------|----------------|
| 1 | MLflow | Python | $1,500 | MLOps, API, model loading, known vuln history |
| 2 | Dify | Python | $1,500 | LLM platform, plugins, file handling, API |
| 3 | LibreChat | JS | $1,500 | Auth, file upload, plugins, API |
| 4 | RAGFlow | Python | $1,500 | RAG, file parsing, API |
| 5 | PyTorch Serve | Python | $1,500 | Model serving API, model loading |

## Full Target List
- MLflow, Transformers, PyTorch Serve, RAGFlow, Dify, LibreChat, FastChat, BentoML, DB-GPT, ComfyUI, Apache Airflow, Triton Inference Server

## Next Steps
- Clone & scan top 3: MLflow, Dify, LibreChat
- Expand with HackerOne targets in next scout cycle