Google Expands Vulnerability Rewards Program to Tackle Generative AI Threats

In response to the escalating threat of AI-powered cyberattacks, Google has expanded its Vulnerability Rewards Program (VRP) to encompass attack scenarios specific to generative AI. This move is essential, as AI-powered cyberattacks are becoming increasingly sophisticated and difficult to defend against. In light of this growing threat, it is paramount to use security tools such as VPNs and password managers. For example, ExpressVPN encrypts your internet traffic, making it more difficult for attackers to track your online activity. A password manager can help you create and store strong, unique passwords for all of your online accounts, making it more difficult for attackers to steal your login credentials. As technology evolves, the need for robust cybersecurity measures becomes more pressing than ever.

Google Expands VRP to Include Generative AI Security Vulnerabilities

Generative AI is a powerful new technology that can be used to create realistic and convincing content, including text, images, and even videos. This technology has the potential to be used for good, but it also poses a number of serious security risks. For example, generative AI can be used to create deepfakes, which are videos or audio recordings that have been manipulated to make it appear as if someone is saying or doing something they never actually said or did. Deepfakes can be used to spread misinformation, damage reputations, and even commit fraud.

Google’s VRP is a bug bounty program that rewards security researchers for finding and reporting vulnerabilities in Google’s products and services. By expanding the VRP to include generative AI, Google is incentivizing security researchers to help identify and fix security vulnerabilities in this emerging technology.

The new VRP categories for generative AI include:

  • Prompt injection vulnerabilities that allow attackers to manipulate the output of generative AI models.
  • Leakage of sensitive data from training datasets, which can be used to train adversarial models that can fool generative AI models into producing malicious content.
  • Model manipulation vulnerabilities that allow attackers to modify generative AI models in ways that can produce malicious output.
  • Adversarial perturbation attacks that can be used to trigger misclassification in generative AI models.
  • Model theft vulnerabilities that allow attackers to steal generative AI models and use them for malicious purposes.

Understanding Google’s VRP Expansion

By expanding its VRP to include these new categories, Google is sending a clear message that it is committed to the security of generative AI. Also, to understand how Google is addressing these emerging challenges, we turn to Google’s AI Red Team, a newly formed group of hackers. This team, a blend of white-hat hackers and AI security experts, is tasked with simulating various adversaries, ranging from nation-states to hacktivists and malicious insiders. Their mission is to unearth security weaknesses in technologies that underpin generative AI products like ChatGPT and Google Bard. The AI Red Team’s recent exercise revealed some eye-opening insights into the vulnerabilities of large language models (LLMs). Among the vulnerabilities, prompt injection attacks stood out as a significant concern. These attacks allow hackers to craft adversarial prompts that influence the behavior of the AI model, potentially leading to the generation of harmful or offensive content or even the leakage of sensitive information. Another alarming revelation was the training-data extraction attack, which can be exploited to extract personally identifiable information or passwords from the model’s training data.

Why is tackling AI security so important? 

Google’s tackling of AI security is important for several reasons. First, AI is becoming increasingly powerful and sophisticated, and it is being used in a wide range of applications, from self-driving cars to facial recognition software. This means that there are more potential targets for attackers, and the potential consequences of a successful attack are more severe. Second, AI systems are often complex and opaque, making it difficult to identify and fix security vulnerabilities. This is especially true for AI systems trained on large datasets, as it can be difficult to understand how the system makes decisions and how it might be manipulated. Third, AI systems are often used with other critical systems, such as power grids and financial systems. A successful attack on an AI system could have cascading effects on other systems and infrastructure. Google is one of the leading companies in the development and deployment of AI technologies. As such, it is in a unique position to lead the effort to secure AI. Google has a long history of security research and engineering, and it has the resources and expertise to make a significant impact in this area and also to motivate other tech companies to implement security measures as well. 


Google’s expansion of its VRP to include generative AI is a welcome and necessary step. Generative AI is a powerful new technology with the potential to revolutionize many industries, but it also poses a number of serious security risks. By incentivizing security researchers to help identify and fix vulnerabilities in generative AI, Google is helping to make this powerful technology safer for everyone.  Google’s recent expansion of its Vulnerability Rewards Program (VRP) to include attack scenarios specific to generative AI is a welcome step. Still, it is important to remember that no security measure is perfect. By using a VPN and a password manager, you can take your online security to the next level.

Leave a Comment