AI/ML, AI benefits/risks, Bug Bounties

New AI vulnerability bounty program unveiled by Google

SecurityWeek reports that Google has introduced a new AI Vulnerability Reward Program, which expands on its 2023 Abuse VRP, aimed at identifying security flaws and abuse issues across its artificial intelligence products.

Under the new AI VRP, Google will reward discoveries of security flaws that could modify user accounts or data, leak sensitive information, exfiltrate model parameters, alter AI environments, trigger persistent denial-of-service attacks, or enable unauthorized server-side functions. The company clarified that prompt injections, alignment issues, and jailbreaks fall outside the programs scope, though the company still encourages reports on such content-related concerns. The program divides Google's AI offerings into three tiers: flagship products such as Gemini Apps, Google Search, and Workspace core apps; standard products including non-core Workspace tools, AI Studio, and Jules; and other AI integrations across Google's portfolio, with some exceptions.

Top rewards include $20,000 for account or data modification flaws in flagship products and $15,000 for similar issues in standard tiers. Sensitive data exfiltration can earn up to $15,000 or up to $10,000 in other categories. Google said a unified reward panel will review all submissions and grant the highest eligible payout.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds