Security experts can now receive incentives for discovering flaws in Adobe Firefly and Content Qualifications through Adobe’s bug bounty program. Users of Adobe’s secret bug bounty program can begin the spider hunt starting May 1.
In the next quarter of 2024, candidates for the private software are available for work with Adobe Firefly and Content Qualifications.
Both bug bounty locations are accessible to safety researchers from all over the world on the HackerOne system.
Hackers can earn between$ 100 and$ 10, 000, depending on the type and severity of the vulnerability.
In an interview with TechRepublic, Adobe Product Incident Response Team Manager Daniel Ventura stated that” not only do we merely fix the risks that are reported to us, but we also use the bug bounty program and some of the indicators and trends that we get out of it as a kind of feedback ring to our inner security teams. ” But that we can all understand together and that we can improve our abilities as a whole.”
Ventura noted that surveillance researchers have quickly learned how to insect hunt within conceptual AI, despite the relatively new technology. To provide protection researchers with information on bug looking in conceptual AI, Adobe has partnered with HackerOne and Bug Bounty Village, a thief meeting organized by Ben Sadeghipour, aka NahamSec.
” Probably the biggest problem is, you know, a lot of experts are catching up to speed equivalent to businesses as they’re putting out fresh, innovative services and property”, said Ventura.
Adobe Fly presents special bug- hunting challenges
A household of relational AI designs created in Photoshop and various Adobe products is called Adobe Firefly. Adobe encourages safety researchers to test Firefly for popular relational AI flaws. In particular, Adobe points researchers toward the OWASP Top Ten for Big Language Model Applications, which notes that LLM applications are especially susceptible to quick injections, data leak, limited sandboxing and illicit code execution.
SEE: Our guide shows tips and tricks for using Adobe Photoshop most effectively. ( TechRepublic )  ,
Important provenance details are provided in Content Credentials.
Content Credentials is a watermarking system applied to AI art made in Adobe Firefly, Photoshop, Lightroom or other programs. Images contain information about their creation and any possible editing that might have been done using images, according to content credentials.
In order to ensure that art is properly attributed and prevent the spread of deceptive images, it is crucial that Content Credentials function well. In particular, Adobe wants to shut down possible ways to attach false Content Credentials.
By sharing information about what vulnerabilities Content Credentials may have, the goal is to assist creators who may use them in their work and the broader community of security researchers.
Security researchers ‘ abilities and knowledge are essential to enhancing security, according to Dana Rao, executive vice president, general counsel, and chief trust officer at Adobe, in a press release. ” We are committed to working with the broader industry to strengthen the implementation of our Content Credentials in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions,” said the company.
Adobe inducts a security researcher into the Hall of Fame.
Adobe has established a Security Researcher Hall of Fame to honor security researchers who make an outstanding impact in the bug bounty program in order to give them bragging rights over the money they receive. The names of the researchers who receive the most points in a quarter by making legitimate submissions to the bug bounty program will be displayed in the hall of fame, along with Adobe merchandise and a free 12-month subscription to Adobe’s Creative Cloud Suite.
Overall, we hope that the initiative will make the participating researchers more productive, Ventura wrote in a blog post.
Other AI bug bounty programs
With the development of generative AI products and services over the past year, AI bug hunts have increased. In October 2023, Google began offering bug bounty programs for a number of generative AI vulnerabilities. For its AI models, OpenAI has a bug bounty program. Microsoft offers up to$ 15, 000 to find bugs in Copilot.