Security researchers in Adobe’s bug bounty program can now pick up rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. The bug hunt will be open to members of Adobe’s private bug bounty program starting May 1.
Members of Adobe’s public bug bounty program will be eligible to work with Adobe Firefly and Content Credentials in the second half of 2024, and applications for the private program are open.
Both bug bounties are hosted on the HackerOne platform, which is open to security researchers globally.
Hackers can earn between $100 and $10,000, depending on the type and severity of the vulnerability.
“Not only can we just simply fix the vulnerabilities that are reported to us, but we also leverage the bug bounty program and some of the signals and trends that we get out of it as a kind of feedback loop to our internal security teams,” said Adobe Product Incident Response Team Supervisor Daniel Ventura in an interview with TechRepublic. “So that we can all learn together and we can make our capabilities better as a whole.”
Ventura noted that while generative AI technology is relatively new, security researchers have quickly gotten up to speed on how to bug hunt within it. Adobe has partnered with HackerOne and Bug Bounty Village, a hacker conference organized by Ben Sadeghipour, aka NahamSec, to provide security researchers pathways to learning more about bug hunting in generative AI.
“Probably the biggest challenge is, you know, a lot of researchers are catching up to speed similar to organizations as they’re putting out new, new services and assets,” said Ventura.
Adobe Firefly presents unique bug-hunting challenges
Adobe Firefly is a family of generative AI models made to create images in Photoshop and other Adobe products. Adobe encourages security researchers to test Firefly for common vulnerabilities in generative AI. In particular, Adobe points researchers toward the OWASP Top 10 for Large Language Model Applications, which notes that LLM applications are especially vulnerable to prompt injections, data leakage, inadequate sandboxing and unauthorized code execution.
Content Credentials provides important provenance information
Content Credentials is a watermarking system applied to AI art made in Adobe Firefly, Photoshop, Lightroom or other programs. Content Credentials attach to images information about the images’ creation and any editing that may have been done on them.
It’s important that Content Credentials function well in order to ensure art is properly attributed, and to prevent the spread of deceptive images. In particular, Adobe wants to shut down possible ways to attach false Content Credentials.
The goal is to help creators who may use Content Credentials in their work and the broader security researcher community by sharing information about what vulnerabilities Content Credentials may have.
“The skills and expertise of security researchers play a critical role in enhancing security and now can help combat the spread of misinformation,” said Dana Rao, executive vice president, general counsel and chief trust officer at Adobe, in a statement to the press. “We’re committed to working with the broader industry to help strengthen our Content Credentials implementation in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions.”
Adobe opens Security Researcher Hall of Fame
To add bragging rights to the monetary rewards, Adobe has opened a Security Researcher Hall of Fame for security researchers who make an exceptional impact in the bug bounty program. Researchers who score the most points in a quarter by making valid submissions to the bug bounty program can earn Adobe merchandise or a free 12-month subscription to Adobe’s Creative Cloud Suite, and their names will be displayed in the hall of fame.
“All in all, we hope this initiative helps cultivate a more rewarding experience for participating researchers,” Ventura wrote in a blog post.
Other AI bug bounty programs
AI bug hunts have proliferated with the rise of generative AI products and services over the last year. Google added certain generative AI vulnerabilities to its bug bounty program in October 2023. OpenAI has a bug bounty program for its AI models. Microsoft offers up to $15,000 to find bugs in Copilot.