Adobe Provides Firefly and AI Watermarking to Bug Bounty Program


Safety researchers in Adobe’s bug bounty program can now choose up rewards for locating vulnerabilities in Adobe Firefly and Content material Credentials. The bug hunt can be open to members of Adobe’s non-public bug bounty program beginning Might 1.

Members of Adobe’s public bug bounty program can be eligible to work with Adobe Firefly and Content material Credentials within the second half of 2024, and functions for the non-public program are open.

Each bug bounties are hosted on the HackerOne platform, which is open to safety researchers globally.

Hackers can earn between $100 and $10,000, relying on the kind and severity of the vulnerability.

“Not solely will we simply merely repair the vulnerabilities which are reported to us, however we additionally leverage the bug bounty program and a number of the alerts and developments that we get out of it as a kind of suggestions loop to our inside safety groups,” mentioned Adobe Product Incident Response Group Supervisor Daniel Ventura in an interview with TechRepublic. “In order that we will all study collectively and we will make our capabilities higher as a complete.”

Ventura famous that whereas generative AI know-how is comparatively new, safety researchers have shortly gotten in control on the way to bug hunt inside it. Adobe has partnered with HackerOne and Bug Bounty Village, a hacker convention organized by Ben Sadeghipour, aka NahamSec, to supply safety researchers pathways to studying extra about bug looking in generative AI.

“Most likely the largest problem is, you understand, plenty of researchers are catching in control just like organizations as they’re placing out new, new companies and property,” mentioned Ventura.

Adobe Firefly presents distinctive bug-hunting challenges

Adobe Firefly is a household of generative AI fashions made to create photos in Photoshop and different Adobe merchandise. Adobe encourages safety researchers to check Firefly for frequent vulnerabilities in generative AI. Particularly, Adobe factors researchers towards the OWASP Top Ten for Large Language Model Applications, which notes that LLM functions are particularly susceptible to immediate injections, knowledge leakage, insufficient sandboxing and unauthorized code execution.

SEE: Our information reveals tips and tricks for using Adobe Photoshop most successfully. (TechRepublic) 

Content material Credentials offers necessary provenance data

Content material Credentials is a watermarking system utilized to AI artwork made in Adobe Firefly, Photoshop, Lightroom or different packages. Content material Credentials connect to pictures’ details about the photographs’ creation and any enhancing which may have been completed on them.

It is crucial that Content material Credentials perform nicely as a way to guarantee artwork is correctly attributed, and to forestall the unfold of misleading photos. Particularly, Adobe desires to close down doable methods to connect false Content material Credentials.

The purpose is to assist creators who might use Content material Credentials of their work and the broader safety researcher group by sharing details about what vulnerabilities Content material Credentials might have.

“The abilities and experience of safety researchers play a important function in enhancing safety and now may also help fight the unfold of misinformation,” mentioned Dana Rao, government vp, normal counsel and chief belief officer at Adobe, in an announcement to the press. “We’re dedicated to working with the broader trade to assist strengthen our Content material Credentials implementation in Adobe Firefly and different flagship merchandise to deliver necessary points to the forefront and encourage the event of accountable AI options.”

Adobe opens Safety Researcher Corridor of Fame

To be able to add bragging rights to the financial rewards, Adobe has opened a Security Researcher Hall of Fame for safety researchers who make an distinctive influence within the bug bounty program. Researchers who rating probably the most factors in 1 / 4 by making legitimate submissions to the bug bounty program can earn Adobe merchandise or a free 12-month subscription to Adobe’s Inventive Cloud Suite, and their names can be displayed within the corridor of fame.

“All in all, we hope this initiative helps domesticate a extra rewarding expertise for taking part researchers,” Ventura wrote in a blog post.

Different AI bug bounty packages

AI bug hunts have proliferated with the rise of generative AI services during the last yr. Google added certain generative AI vulnerabilities to its bug bounty program in October 2023. OpenAI has a bug bounty program for its AI fashions. Microsoft gives as much as $15,000 to seek out bugs in Copilot.



Source link