Google has announced an expansion of its bug bounty program or Vulnerability Rewards Programme (VRP) targeted at AI-specific threats.
“Today, we’re expanding our VRP to reward for attack scenarios specific to generative AI. We believe this will incentivize research around AI safety and security, and bring potential issues to light that will ultimately make AI safer for everyone,” Google said in a blog post on Thursday.
The company issued updated guidelines outlining which findings will be eligible for rewards and which are not.
For instance, discovering training data extraction that discloses private, sensitive information is within scope, but if it just shows public, nonsensitive data, it does not qualify for a reward.
Last year, the tech giant issued over $12 million in rewards to security researchers who tested their products for vulnerabilities.
In addition, Google said it is expanding its open-source security work and building upon its prior collaboration with the Open Source Security Foundation, to further protect against machine learning supply chain attacks.
Earlier this month, Microsoft announced an AI bug bounty program featuring the AI-powered Bing experience as the first in-scope product, with awards up to $15,000.
“The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000,” Microsoft said.
