In 2022, Google paid over $12 million in bounties to hackers as part of the broader program. The company has stated that the amount of rewards for vulnerabilities disclosed under the VRP will depend on the severity of the attack scenario and the type of target affected. The announcement comes at a time when concerns about the potential misuse of AI for cyber-attacks and other criminal activities are growing.
Key takeaways:
- Google is expanding its vulnerability rewards program (VRP) to include attack scenarios that involve generative AI, encouraging hackers to uncover vulnerabilities in Google's AI systems and services.
- Google's AI Red Team mimics real hack attacks, using the same methodologies as nation-states, organized cybercrime groups, and malicious insiders.
- Hackers outside of Google can now look for weak points in Google's AI systems, but they must work within a strict framework that defines what is in or out of scope.
- In 2022, Google paid more than $12 million in bounties to hackers who were part of the broader program, with the amount of rewards depending on the severity of the attack scenario and the type of target affected.