Monday, December 23, 2024

Bugcrowd Platform Implements Industry-First AI Vulnerability Rating Taxonomy for LLMs

Related stories

Doc.com Expands AI developments to Revolutionize Healthcare Access

Doc.com, a pioneering healthcare technology company, proudly announces the development...

Amesite Announces AI-Powered NurseMagic™ Growth in Marketing Reach to Key Markets

Amesite Inc., creator of the AI-powered NurseMagic™ app, announces...

Quantiphi Joins AWS Generative AI Partner Innovation Alliance

Quantiphi, an AI-first digital engineering company, has been named...
spot_imgspot_img

First-ever additions to the open source VRT to define how AI vulnerabilities in Large Language Models for AI are classified, reported, and prioritized in the Bugcrowd Platform

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, announced updates to the Vulnerability Rating Taxonomy (VRT) that define and prioritize crowdsourced vulnerabilities in Large Language Models (LLMs) for the first time. The VRT is an ongoing open-source effort to standardize how hacker submissions of suspected vulnerabilities are reported in an industry-standard way, and is implemented in the Bugcrowd Platform for use by hackers, customers, and Bugcrowd’s application security engineers.

This latest VRT release, which was partly inspired by the OWASP Top 10 for Large Language Model Applications, marks a milestone for the crowdsourced cybersecurity industry because it gives customers and hackers a shared understanding of how LLM-related vulnerabilities are classified and prioritized. Armed with this information, hackers can focus on hunting for specific vulnerabilities and creating targeted proofs-of-concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes.

In 2016, Bugcrowd created the VRT, which is now an open-source project for customers, Bugcrowd application security engineers, and researchers to collaborate on a shared understanding of risk severity. The VRT is designed to constantly evolve in order to mirror the current threat environment. Since the VRT’s creation, hundreds of thousands of vulnerability submissions have been created, validated, triaged, and accepted by program owners on the Bugcrowd Platform.

Also Read: Exium and TD SYNNEX Forge Global Partnership to Meet Demand for Zero-Trust SASE

“Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document,” said Casey Ellis, Founder and Chief Strategy Officer of Bugcrowd.

“This new release of VRT not only opens up a new form of offensive security research and red teaming to program participants, but it helps companies increase their scope to include these additional attack vectors,” said Ads Dawson, senior security engineer for LLM platform provider Cohere and a key contributor to the release. “I am looking forward to seeing how this VRT release will influence researchers and companies looking to fortify their defenses against these newly introduced attack concepts.”

“At Bugcrowd, we believe that the human ingenuity unleashed by crowdsourced security is the best tool available for meeting AI security goals in a scalable, impactful way that provides more visibility into security ROI,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “With these AI security-related updates to the VRT, the Bugcrowd Platform is positioned as the leading option for meeting that goal.”

SOURCE: PRNewswire

Subscribe

- Never miss a story with notifications


    Latest stories

    spot_img