New AI‑Focused Bug Bounty Program

Google unveiled a dedicated bug bounty program that targets vulnerabilities in its artificial‑intelligence offerings. The company clarified that an "AI bug" is any flaw that leverages a large language model or a generative AI system to cause harm, exploit a security loophole, or enable a rogue action. Examples listed include prompt‑injection attacks that could cause a Google Home device to unlock a door, or a data‑exfiltration prompt that summarizes a user’s email and sends the summary to an attacker’s account.

The program distinguishes between different severity levels. Rogue‑action bugs on flagship products such as Google Search, Gemini Apps, and core Workspace applications (Gmail, Drive) qualify for a base reward of $20,000, with multipliers for report quality and novelty that can raise the total to $30,000. Lower‑tier abuses on products like Jules or NotebookLM receive smaller payouts.

Since the program began two years ago, bug hunters have collectively earned more than $430,000. Google emphasized that simple hallucinations by Gemini do not meet the bounty criteria; instead, issues related to harmful content generation (e.g., hate speech or copyright‑infringing output) should be reported through the product’s built‑in feedback channel so that AI safety teams can address model behavior and implement broader safety training.

CodeMender: AI‑Assisted Patch Generation

In tandem with the bounty launch, Google introduced CodeMender, an AI agent designed to generate patches for vulnerable code. The agent produces an initial fix, which a human researcher then vets; CodeMender has already been used to apply 72 security fixes to open‑source projects. The tool demonstrates Google’s broader strategy of combining automated AI assistance with human oversight to improve software security at scale.

Both initiatives reflect Google’s commitment to proactively identify and remediate AI‑related security risks, encouraging external researchers to help harden its products while also leveraging AI to accelerate the patching process.

This article was written with the assistance of AI.