December 15, 2023 at 06:16PM
Google has expanded its Bug Hunters program to include third-party discovery and reporting of issues and vulnerabilities specific to its AI systems. The program includes rewards for various attacks, model manipulations, adversarial perturbations, and model theft/exfiltration. Rewards are based on severity and target affected. To report a qualifying issue, visit the Bug Hunters website.
The meeting notes indicate that Google has expanded its existing Bug Hunters program to accommodate third-party discovery and reporting of issues and vulnerabilities specific to their AI systems. They have included more information on reward program elements to help the security community better understand these developments.
The scope for rewards includes areas such as prompt attacks, prompt injections, training data extraction, manipulating models, adversarial perturbation, model theft/exfiltration, and flaws in AI-powered tools not explicitly listed. The severity and type of target affected determine the reward amounts, and specific criteria for AI bug reports are outlined. It is highlighted that issues already known about are not eligible for rewards.
Google aims to support responsible AI innovation by expanding their bug bounty program to cover AI systems and encourages the research community to participate in discovering and addressing security and abuse issues in their AI-powered features through their Bug Hunters website.
Please let me know if you need further information or if there’s anything else I can assist you with.