Google Expands Bug Bounty Program to Include Generative AI Attacks
Amid rapid growth in artificial intelligence, Google is expanding its bug bounty program to include generative AI-specific security issues.
The company's Vulnerability Rewards Program (VRP) offers monetary rewards for those who find and report bugs with its products. Expanding to include AI threats "will incentivize research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone," say Laurie Richardson, VP of Trust & Safety at Google, and Royal Hansen, VP of Privacy, Safety and Security Engineering.
Google's engineering team posted a list of attack scenarios that are eligible for VRP rewards. On prompt-related attacks, for example, Google will consider an attack that would be "invisible to victims and change the state of the victim's account or or any of their assets." But using a product to generate incorrect responses—like getting it to "hallucinate"—is out of scope.
Other category options include training data extraction, manipulating models, adversarial perturbation, and model theft/exfiltration. Last year, Google paid out $12 million in rewards to its bug-hunting security researchers. Details on how much it pays out and for what are available on its bug hunters website, which is where researchers can submit their findings.
As Richardson and Hansen note, Google is among several top tech companies that signed a pledge this summer to have independent experts test their AI programs for safety before public release. They will also develop ways to essentially watermark AI-generated content to prevent the public from falling for deepfakes and other AI-created misinformation.
On Monday, the Biden administration is expected to publish an executive order imposing
Read more on pcmag.com
