Google announced the launch of a new program for finding vulnerabilities and bugs in artificial intelligence systems — the AI Vulnerability Reward Program (VRP). Participants of this program can receive a basic reward of up to 20 thousand dollars, and taking into account bonuses for the novelty and quality of the report, the amount can increase to 30 thousand dollars.
The VRP program covers vulnerabilities and potential exploits related to artificial intelligence in Google and Alphabet products. These are cases where interacting with a large language model or other generative systems through natural language is a key part of the vulnerability itself or the way it is exploited.
Unauthorized actions have the highest priority in the program. Google gave an example of indirect request injection, where an attacker can force Google Home to perform a certain action without the user’s knowledge, such as opening a door. A reward of 20,000 dollars is provided for the detection of such threats in the company’s key products, in particular in Search.
Previously discovered problems related to artificial intelligence were encouraged under the Abuse Vulnerability Reward Program, which Google launched to collaborate with researchers. Since then, the company has paid out more than $430,000 for AI vulnerabilities found. In addition, Google introduced CodeMender — an experimental agent of artificial intelligence capable of autonomously detecting and eliminating vulnerabilities in software code.
