Google expands bug bounty programme specific to genAI attacks


As concerns about generative AI continue to mount, Google has announced an expansion of its bug bounty programme, the Vulnerability Rewards Programme (VRP), to cover AI-specific threats.

“Today, we’re expanding our VRP to reward for attack scenarios specific to generative AI. We believe this will incentivise research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone,” Google said in a blog post on Thursday.

The company issued updated guidelines outlining which findings will be eligible for rewards and which are not.

For instance, training data extraction that discloses private, sensitive information is within scope, but extraction that reveals only public, non-sensitive data does not qualify for a reward.

Last year, the tech giant issued over $12 million in rewards to security researchers who tested its products for vulnerabilities.

In addition, Google said it is expanding its open-source security work and building upon its prior collaboration with the Open Source Security Foundation to further protect against machine learning supply chain attacks.

Earlier this month, Microsoft announced an AI bug bounty programme featuring the AI-powered Bing experience as the first in-scope product, with awards of up to $15,000.

“The Microsoft AI bounty programme invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000,” Microsoft said.