Google Announces Bug Bounty Program Specific to Generative AI
Another clear signal of how GenAI is mingling with cybersecurity
This week Google announced that they are expanding their Vulnerability Rewards Program (VRP) - also known as a bug bounty program - to cover hunting for vulnerabilities in generative AI (GenAI). Their blog post on this includes strong statements, promises, and messaging around AI safety. That starts in their introduction for this expansion of their VRP:
Today, we’re expanding our VRP to reward for attack scenarios specific to generative AI. We believe this will incentivize research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone.
There is a page that outlines what is in and out of scope, the reward criteria, for reporting bugs in AI products. This is just a slice of it:
There’s a lot in their post that speaks to how GenAI introduces not just new risks, but different types of risk. The sort of risks we’ve been seeing and reading about related to GenAI and its rapidly growing integrations in software, and into our personal and work environments.
Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or misinterpretations of data (hallucinations).
Google’s post also mentions a few of their other initiatives in this area. that have been in place for a few months now. These two seem particularly interesting and much needed:
An AI Red Team
A Secure AI Framework - with a mission statement around “… securing the critical supply chain components that enable machine learning (ML) against threats …”
GenAI is fascinating to me for many reasons. Its crossover into and usage on the “good guys” and “bad guys’ sides of cybersecurity are also fascinating of course. I can only imagine my interest in this area growing, as the impact of GenAI seems to be expanding by the minute.
As far as Google’s efforts, and maybe more so their stated good intentions here, I think those are to be applauded; and they also be greeted with a healthy amount of skepticism in terms of how much we can trust in the good faith of any of the tech giants who have dominant roles in the exponential growth of GenAI. That will be another riveting angle of all of this to follow.