
"On Monday, Google launched a new reward program dedicated specifically to finding bugs in AI products. Google's list of qualifying bugs includes examples of the kind of rogue actions it's looking for, like indirectly injecting an AI prompt that causes Google Home to unlock a door, or a data exfiltration prompt injection that summarizes all of someone's email and sends the summary to the attacker's own account."
"The new program clarifies what constitutes an AI bug, breaking them down as issues that use a large language model or a generative AI system to cause harm or take advantage of a security loophole, with rogue actions at the top of the list. This includes modifying someone's account or data to impede their security or do something unwanted, like one flaw exposed previously that could open smart shutters and turn off the lights using a poisoned Google Calendar event."
Google launched a new reward program specifically for finding bugs in AI products, focusing on issues where large language models or generative AI systems cause harm or exploit security loopholes. Qualifying bugs emphasize rogue actions, such as indirect prompt injections that control devices or prompt injections that exfiltrate data, including summaries of someone's email. The program gives examples like causing Google Home to unlock a door or opening smart shutters via a poisoned Google Calendar event. Hallucinations and content generation issues should be reported through product feedback so safety teams can diagnose model behavior and implement model-wide safety training. Google also introduced CodeMender, an AI agent used to patch vulnerable open-source code.
Read at The Verge