Google will pay you up to $30,000 in rewards to find bugs in its AI products

Google will pay you up to $30,000 in rewards to find bugs in its AI products

Briefly

"On Monday, Google security engineering managers Jason Parsons and Zak Bennett said in a blog post that the new program, an extension of the tech giant's existing Abuse Vulnerability Reward Program (VRP), will incentivize researchers and bug bounty hunters to focus on "high-impact abuse issues and security vulnerabilities" in Google products and services."

"Rogue actions: Attacks that modify accounts or data with a security impact. For example, the use of an indirect prompt to force Google Home to unlock a door. Sensitive data theft: Attacks leading to the theft of sensitive user data. These could include indirect prompt injections that send email summaries to a threat actor without user consent. Phishing enablement: Phishing attack vectors on Google websites that include persistent, cross-user HTML injections. Model theft: Security problems that could allow attackers to steal complete, confidential model parameters, such as exposed Google APIs. Context manipulation: Issues leading to the persistent manipulation of an AI environment without significant user interaction. Access control bypass: Attacks leading to data exfiltration from resources that shouldn't be accessible."

"Researchers have earned more than $430,000 since 2023, when Google's bug bounties expanded to include AI-related issues. Rewards range from $500 to $30,000."