Google expands its bug bounty program to target generative AI attacks

With concerns around generative AI ever-present, Google has announced an expansion of its Vulnerability Rewards Program (VRP) focused on AI-specific attacks and opportunities for malice. As such, the company released updated guidelines detailing which discoveries qualify for rewards and which fall out of scope. For example, discovering training data extraction that leaks private, sensitive information falls in scope, but if it only shows public, nonsensitive data, then it wouldn't qualify for a reward. Last year, Google gave security researchers …

attacks bug bounty bug bounty program concerns data discoveries example expansion generative google guidelines training training data vulnerability