Since October 2023, Google has expanded its pre -existing vulnerabilities search program to include IA -related errors and has distributed no less than $ 430,000 to security researchers. But obviously it was not enough. Given the importance of artificial intelligence, increasingly omnipresent, Google has just created its “bounty”, its rewards system open to computer security researchers, focused on AI.
Therefore, on October 6 Google launched a new rewards program specifically dedicated to detecting errors in products that have artificial intelligence functions, such as their search engine or gemini. The company details, in a blog post, which constitutes an IA error, classifying them as problems “where interaction with a large language model or other generative the AI system (…) is essential for vulnerability or abuse.” In other words, these tools should be used to cause damage or exploit a security vulnerability.
Malicious actions
With these terms, Google intends to attack mainly the “malicious actions”, which lead the list of its new program. They are defined as “attacks that change the state of the victim’s account or data with a clear impact on security.” For example, indirect injection of a message that allows an attacker to force Google Home to unlock a door or perform another unwanted action.
The discovery of attacks that allow the filtration of sensitive information (emails, etc.), as well as those aimed at repeated and persistently manipulate the “context of the victim’s environment” will also be rewarded. This would consist, for example, to take advantage of an error for corrupting Google Calendar by sending an invitation that would allow the countervanas to be opened or turned off the lights.
These attacks are one of the nine categories of errors that will be rewarded by Google. Hunters can earn $ 20,000 for detecting malicious shares. A reward that can reach up to $ 30,000, thanks to quality and novelty bonus multipliers.
Content -related problems (Jailbreak, hatred speeches, etc.) will not be rewarded for this new program, said Google.
Therefore, invites people who wish to report these problems to do so directly through the comments channel integrated into their products.
Source: BFM TV
