Request a Quote

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

We Keep you Connected

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google Offers Bug Bounties for Generative AI Security Vulnerabilities
Your email has been sent
Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.
Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug hunters for its own generative AI, products such as Google Bard, which is available in many countries, or Google Cloud’s Contact Center AI, Agent Assist.
“We believe this will incentivize research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone,” Google’s Vice President of Trust and Safety Laurie Richardson and Vice President of Privacy, Safety and Security Engineering Royal Hansen wrote in an Oct. 26 blog post. “We’re also expanding our open source security work to make information about AI supply chain security universally discoverable and verifiable.”
Jump to:
There are limitations as to what counts as a vulnerability in generative AI; a complete list of what vulnerabilities Google considers in scope or out of scope for the Vulnerability Rewards Program is in this Google security blog.
Generative AI introduces risks traditional computing doesn’t; these risks include unfair bias, model manipulation and misinterpretations of data, Richardson and Hansen wrote. Notably, AI “hallucinations” — misinformation generated within a private browsing session — do not count as vulnerabilities for the purposes of the Vulnerability Rewards Program. Attacks that expose sensitive information, change the state of a Google user’s account without their consent or provide backdoors into a generative AI model are within scope.
Ultimately, anyone participating in the bug bounty needs to prove that the vulnerability they discover could “pose a compelling attack scenario or feasible path to Google or user harm,” according to the Google security blog.
Rewards for the Vulnerability Rewards Program range from $100 to $31,337, depending on the type of vulnerability. Details on rewards, payouts can be found on Google’s Bug Hunters site.
OpenAI, Microsoft and other organizations offer bug bounties for white hat hackers who find vulnerabilities in generative AI systems. Microsoft offers between $2,000 and $15,000 for qualifying bugs. OpenAI’s bug bounty program will give between $200 and $20,000.
SEE: IBM X-Force researchers found phishing emails written by people are slightly more likely to get clicks than those written by ChatGPT. (TechRepublic)
In an October 26 report, HackerOne and OWASP found that the most common vulnerability in generative AI was prompt injection (i.e., using prompts to make the AI model do something it was not intended to do), followed by insecure output handling (i.e., when LLM output is accepted without scrutiny) and the manipulation of training data.
Developers and security researchers just starting out with generative AI have plenty of options when it comes to learning how to use it, from experimenting with free applications such as ChatGPT to taking professional courses. DeepLearning.AI has courses at both beginner and advanced levels for professionals who want to learn how to use and develop for artificial intelligence and machine learning.
Learn how to get the most out of Google Docs, Google Cloud Platform, Google Apps, Chrome OS, and all the other Google products used in business environments.
Google Offers Bug Bounties for Generative AI Security Vulnerabilities
Your email has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
Learn how to get the most out of Google Docs, Google Cloud Platform, Google Apps, Chrome OS, and all the other Google products used in business environments.
Useful and actionable information is the engine of success that drives the modern business enterprise. Properly collecting, storing and processing business data is what provides the fuel for that success engine. The database administrator is responsible for determining how data will be collected, structured and stored so that it can be accessed and processed when …
For many enterprises, the ability to rapidly develop, deploy and integrate new software and features is essential to the overall success of the organization. Managing all those moving parts requires workflow procedures that cross traditionally separate departments and can be accomplished only with effective communication and cooperation. These workflow procedures are referred to as DevOps, …
Electronic data is likely to be more prevalent in today’s organizations than physical printed data. Reams’ worth of documents can now be stored on computer hard drives, handheld devices and storage cards smaller than a fingernail. The bulk of many strategic operations depends on this digital information and its safe handling. The purpose of this …
Data without an associated backup is only as reliable as the system upon which it is stored — and every system has a finite lifespan or may be susceptible to malware or hacking efforts. This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of …
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
* – indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add newsletters@nl.technologyadvice.com to your contacts list.

source

 

Enterprise Guardian (EnGuard) specializes in HIPAA Compliant Email for the Healthcare Industry.
HIPAA Compliant Email, Telehealth & Cloud Made Easy.

 

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE