Riciplay is an AI-powered bug bounty and security research platform that takes researchers from a target URL to a submission-ready report in one browser-based workflow.
At its core is a multi-agent investigation system where a Leader agent orchestrates 10 specialist agents across Web2 (Web, Auth, API Security, Business Logic, Template Injection) and Web3 (Smart Contract, DeFi, MEV, Access Control). Each investigation runs through structured phases (recon, endpoint discovery, active probing, triangulation, exploitation, and an auto-generated report), delivering findings with a 7-stage confidence audit trail designed to eliminate false positives.
Beyond investigations, Riciplay includes a parameter scanner (354+ parameters), recon aggregator, GitHub SAST scanner, web crawler, request interceptor, Chrome extension, and a sandboxed browser-based terminal with 7 language runtimes — replacing an entire toolkit with no installation required.
The Report Validation Engine scores bug bounty writeups across 5 dimensions, detects structural duplicates, flags payload mismatches, and estimates severity from PoC evidence before submission to a program.
Riciplay supports team workspaces, a community leaderboard, public finding sharing, and crypto payments (BNB, SOL, TON, USDT) for a security research community that operates on-chain.