Hack AI. Defend AI. Get Funded.

pwnAI Security Research Initiative

The pwnAI Security Research Initiative, launched by Zenity Labs, empowers independent researchers, academics, and practitioners to explore the frontier of AI agent security. This program provides funding and recognition for original research that uncovers vulnerabilities, explores supply chain risks, and develops new defenses for the rapidly evolving agentic AI ecosystem.

Selected participants receive a $2,000 grant, amplification of their findings through Zenity Labs’ blog, and the opportunity to contribute directly to shaping the future of AI security. With AI agents integrating into enterprise workflows at unprecedented speed, responsible research into attack techniques, defenses, and secure architectures has never been more critical.

By supporting groundbreaking work in vulnerability discovery, TTP exploration, and defensive best practices, the pwnAI Security Research Initiative strengthens the broader AI community while ensuring safer innovation.

Program Overview and Policy

Zenity Labs is launching an AI Agent Security Research Grant Program to support independent research into breaking and securing AI agents and their broader ecosystem. This initiative invites researchers to submit creative, boundary-pushing proposals that will help build a safer future for Agentic AI. We are especially interested in research demonstrating new end-to-end attacks or highlighting new TTPs.

Expectations

  • Research proposals are reviewed by the program review board on a periodic basis.

  • Selected researchers will receive public recognition for their research through the Zenity Labs blog and will also receive a financial honorarium of $2,000.

  • The researcher is expected to finish the research and produce a blog within 1 month.

  • The researcher maintains ownership of their research, and is free to submit bounties or talks (after the 14 day period).

  • All research must follow good-faith security practices and responsible disclosure principles.

Contact

For submissions and questions, reach us at [email protected].

FAQ: Zenity Labs AI Agent Security Research Program

What kinds of research are in scope?

  • We support research that drives a more secure ecosystem for AI Agents, including:

    • Vulnerability discovery in AI agent frameworks

    • Supply chain risks (plugins, APIs, data sources)

    • Attacks on agent planning, decision-making, or memory

    • Ecosystem-level risks (orchestration, multi-agent systems)

    • Secure development practices and defensive architectures

  • We are especially interested in new and original research demonstrating new end-to-end attacks or highlighting new TTPs.

  • Out of scope: Pure AI ethics/safety without a security angle, or work lacking testable results

How much funding is available?

  • Each selected research project receives a flat $2,000 honorarium:

    • 10% upfront at project start

    • 90% upon approval and publication of the final blog

What’s the expected timeline?

  • Research completed within 1 month of selection

  • Final Blogs are published on the Zenity Labs site

Who is eligible to apply?

  • Independent researchers, academic teams, and industry practitioners

  • We cannot fund individuals/entities on sanctions lists or located in sanctioned territories

What’s the submission process?

  • Submit proposals to SESSIONIZE

    • Submission must include:

      • Abstract (300–500 words) describing:

        • The research hypothesis and goal 

        • Methodology 

        • Proposed target

        • Estimated completion timeline for research and blog

      • Researcher bio

  • Proposals are acknowledged within 3 business days

  • A review board evaluates submissions monthly for novelty, feasibility, and impact

  • Applicants are notified of selection within 4–6 weeks

What deliverables are expected?

  • Bi-weekly check-ins with the Zenity program manager

  • A technical report including findings, PoCs, and mitigations (reviewed internally)

    • The internal team holds the right to reject research at this stage if the technical report does not meet the criteria of new and original research and the expected quality. The remaining 90% amount will not be paid if a research is rejected by internal team.

  • A polished public blog post (reviewed and approved by Zenity prior to publication)

What about intellectual property and publishing rights?

  • Research will be open-sourced by the author under Creative Commons Attribution-NonCommercial-ShareAlike 4.0

  • Zenity Labs holds a 14-day exclusive right to first publication to allow for maximum amplification of your research to the community

  • After Zenity publication, researchers may submit findings to conferences or other outlets

What happens if a valid vulnerability is discovered?

  • Valid bugs can and should be submitted to the appropriate vendor’s bug bounty program for potential additional reward (and to follow responsible disclosure requirements)

  • The Zenity program focuses on research outcomes, not bounty-only payouts

What could get me disqualified or terminated?

  • Failure to follow good-faith security research principles

  • Causing harm to real users or production environments

  • Acting outside approved research scope

  • Plagiarism or unethical behavior

What inspiration did you follow for this program?

We were inspired by Truffle Security’s CFP and Google’s Vulnerability Research Grant program, which are both great security research programs supporting the community today.