
"Google this week announced a new dedicated AI Vulnerability Reward Program (VRP) that builds on the 2023 Abuse VRP extension covering issues and vulnerabilities in its AI systems. To date, bug hunters have earned more than $430,000 in rewards for AI-product-related vulnerabilities, and the new VRP builds on that momentum and has been shaped based on the feedback received from participating researchers."
"'We don't believe a Vulnerability Reward Program is the right format for addressing content-related issues. The primary goal of our VRP is to encourage researchers to report security vulnerabilities and abuse issues directly to Google, and to provide timely, valuable rewards to incentivize those reports,' Google explains. All Google AI products, the company says, have in-product functionality that can be used to report content-based issues. Such reports should include information on the used model, context, and other metadata."
"Within the AI VRP scope, however, the company has included attacks that modify a victim's account or data, leak sensitive information without user approval, exfiltrate model parameters, lead to the persistent manipulation of a victim's AI environment, lead to the exfiltration of data, enable server-side features without authorization, or cause persistent denial-of-service (DoS). Attacks that enable phishing through persistent, cross-user injection of HTML code on Google-branded sites without a 'user-generated content' warning are also within scope, if they are deemed a convincing attack vector."
Google created a dedicated AI Vulnerability Reward Program that extends the 2023 Abuse VRP and incorporates researcher feedback. Bug hunters have earned more than $430,000 for AI-product-related vulnerabilities. The program excludes content-related prompt injections, jailbreaks, and alignment issues from VRP scope, instead directing those reports to in-product reporting, which should include the model used, the context, and other metadata. In-scope issues include attacks that modify accounts or data, leak sensitive information without approval, exfiltrate model parameters, persistently manipulate AI environments, enable unauthorized server-side features, cause persistent DoS, or enable phishing via persistent cross-user HTML injection. AI products are organized into flagship, standard, and third-tier categories.
Read at SecurityWeek