Tag: bug bounty

cURL Ends Bug Bounty Program Amid Flood of Low‑Quality AI Reports

The maintainer of cURL, one of the most widely used networking tools, announced the termination of its bug bounty program. The decision follows an overwhelming influx of low‑quality, often AI‑generated vulnerability reports that strained the small team of volunteers. Daniel Stenberg, the project's founder, said that the limited resources of the open‑source project could not sustain the volume of submissions, and the program will conclude at the end of the month.

Google Launches AI Bug Bounty Program and CodeMender Tool

Google announced a new bug bounty program focused on its AI products, defining AI bugs as issues that use large language models or generative AI to cause harm or exploit security gaps. The program rewards researchers for uncovering rogue actions such as prompt‑injection attacks that could unlock a Google Home device or exfiltrate email data. Since its inception two years ago, participants have earned over $430,000. Alongside the bounty, Google introduced CodeMender, an AI‑driven agent that has already contributed 72 security fixes to open‑source projects after human review.