Google has launched a new program to find vulnerabilities and bugs in artificial intelligence — the AI Vulnerability Reward Program (VRP). Within this program, the company offers a base reward of up to $20,000, and thanks to bonuses for quality and novelty, the amount can increase to $30,000.
The VRP covers vulnerabilities and abuses related to artificial intelligence in Google and Alphabet products. The company clarifies that AI-related issues refer to situations where interaction with a large language model (LLM) or other generative system, such as through natural language, is an integral part of the vulnerability or abuse.
Unauthorized actions are given the highest priority. Google gives an example of indirect request injection, where an attacker can force Google Home to perform an action, such as opening a door, without the user’s knowledge. A reward of $20,000 is provided for the discovery of such a problem in the company’s key products, including Search.
Previously, AI vulnerabilities were rewarded through the Abuse Vulnerability Reward Program, when Google began working with researchers. Since the program's launch, more than $430,000 has been paid out for AI vulnerabilities.
In addition to this, the company also introduced CodeMender, an experimental artificial intelligence agent capable of autonomously detecting and fixing vulnerabilities in software code.