Google Expands Bug Bounty Program to Enhance AI Security and Safety


Google has broadened its Vulnerability Rewards Program (VRP) to encompass specific attack scenarios related to generative AI. Google said it believes that expanding the VRP will act as an incentive for research focusing on AI safety and security. The overarching goal is to bring potential issues to the forefront, ultimately enhancing the safety of AI for all users.

Google’s Vulnerability Rewards Program, often referred to as a bug bounty, compensates ethical hackers for identifying and responsibly disclosing security vulnerabilities. The advent of generative AI has exposed new security concerns, such as the potential for unjust biases or manipulations of models. To address these challenges, Google has reevaluated how the bugs it receives are classified and reported.

New Challenges in Generative AI

To facilitate this process, Google has harnessed the insights from its newly established AI Red Team. This group of hackers emulates a diverse array of adversaries, ranging from nation-states and government-backed entities to hacktivists and malicious insiders. Their objective is to identify and rectify security vulnerabilities in technology. Recently, the team conducted an exercise to pinpoint the most significant threats associated with generative AI technologies like ChatGPT and Google Bard.

The findings of the AI Red Team revealed that large language models (LLMs) are susceptible to prompt injection attacks. In such attacks, hackers craft adversarial prompts designed to manipulate the behavior of the AI model. This type of attack could be exploited to generate harmful or offensive content or disclose sensitive information. Furthermore, the team warned of another form of attack known as training-data extraction. This method enables hackers to reassemble exact training examples, potentially extracting personally identifiable information or passwords from the data.

Google’s expanded VRP now encompasses both of these attack types, in addition to model manipulation and model theft. However, it’s worth noting that the program will not offer rewards for researchers who uncover bugs related to copyright issues or data extraction that reconstructs non-sensitive or public information.

The rewards granted under the VRP will fluctuate based on the severity of the discovered vulnerabilities. Currently, researchers have the potential to earn $31,337 for identifying command injection attacks and deserialization bugs within highly sensitive applications like Google Search or Google Play. For vulnerabilities affecting lower-priority applications, the maximum reward is set at $5,000.