Published on October 27, 2023, 7:09 am
Google Extends Vulnerability Rewards Program to Include Generative AI Bugs
In a move that benefits both developers and consumers, Google has expanded its Vulnerability Rewards Program (VRP) to cover bugs related to generative AI. The VRP is an established initiative by the company aimed at keeping users safe and has already paid out millions of dollars in rewards, with over $12 million awarded in 2022 alone.
By extending the program to include under-the-radar vulnerabilities in GenAI, Google aims to promote responsible AI. Earlier this year, the company made a commitment to advancing the discovery of vulnerabilities in AI systems alongside other leading AI companies.
Speaking about the need to address a new generation of vulnerabilities, Google’s Trust & Safety VP Laurie Richardson and Privacy, Safety, and Security Engineering VP Royal Hansen stated that generative AI raises unique concerns compared to traditional digital security. These concerns include potential issues like unfair bias, model manipulation, and misinterpretation of data (hallucinations). They expressed their belief that this expansion will encourage more bug submissions from security researchers and expedite the goal of creating safer and more secure generative AI systems.
To provide clarity on what falls within scope for the AI-focused portion of Google’s VRP, the company has published a set of guidelines. These guidelines outline various cases that would be considered eligible for rewards.
The broader VRP offers payouts ranging from $500 to $31,337 for severe vulnerabilities that could lead to the takeover of a Google account. Even minor security flaws are eligible for rewards starting at $100.
Richardson and Hansen concluded their announcement by stating their hope that incentivizing more security research while applying supply chain security to AI will foster greater collaboration with the open-source security community and industry stakeholders. Ultimately, their aim is to make AI safer for everyone.
For those interested in similar topics:
– Need a productivity boost? Check out our list of the best AI writers.
– Bug bounty hunters, take note! Google has expanded its challenge to V8 and Cloud.
– Not a cybersecurity expert? Explore our recommendations for the best firewalls and endpoint protection software for added security.
Incorporating generative AI into Google’s VRP will provide a platform for identifying and addressing vulnerabilities, ensuring the responsible development and deployment of AI technologies. By promoting collaboration between researchers and the industry, this expansion is another step towards ensuring the safety and security of generative AI systems.