Adobe wants your help finding security flaws in Content Credentials and Firefly

Plugging safety holes is significant to holding generative synthetic intelligence (AI) fashions secure from dangerous actors, dangerous picture era, and different potential misuse. To make sure a few of its newest and largest AI tasks are as secure as doable, Adobe on Wednesday expanded its bug bounty program, which rewards safety researchers for locating and disclosing bugs, to embody Content material Credentials and Adobe Firefly.

Content material Credentials are tamper-evident metadata hooked up to digital content material that function a “diet label”, letting customers see the content material’s “elements,” such because the creator’s title, creation date, any instruments used to create the picture (together with generative AI fashions), and the edits made.

Within the period of AI-generated pictures, this provenance software may also help folks decide artificial from human-made content material. This solely works, nevertheless, if Content material Credentials are tamper-proof and used as designed. Adobe is now crowdsourcing safety efforts for Content material Credentials through its bug bounty program to strengthen protections towards potential abuses, equivalent to incorrectly attaching credentials to the incorrect content material.

Some AI picture mills, like Adobe Firefly, robotically connect Content material Credentials to AI-generated content material. Firefly is Adobe’s group of generative AI fashions that may create pictures from prompts, different photos, and extra. This household of fashions is quickly accessible to the general public via a standalone net utility and a few of Adobe’s hottest purposes, together with Photoshop. 

The discharge says Adobe needs safety researchers to check Firefly towards Open Worldwide Software Safety Challenge (OWASP)’s prime safety dangers in giant language mannequin (LLM) purposes, equivalent to immediate injection, delicate info disclosure, and coaching knowledge poisoning. Adobe will then use this suggestions to focus its analysis and additional efforts on addressing Firefly’s weaknesses. 

“By proactively participating with the safety neighborhood, we hope to achieve extra insights into the safety posture of our generative AI applied sciences, which, in flip, will present precious suggestions to our inner safety program,” Adobe stated in its launch. 

Adobe is inviting moral hackers all for collaborating within the bug bounty program to go to the Adobe HackerOne web page and to use through this way, which asks questions concerning the applicant’s safety analysis and experience.

Along with Content material Credentials and Adobe Firefly, the bug bounty program is obtainable for many Adobe net apps and desktop and cellular variations of its Artistic Cloud apps. Yow will discover the total checklist of included apps on the Adobe Bug Bounty Program webpage.
Oddly, whereas the HackerOne web page lists rewards starting from $100 to $10,000, Adobe’s webpage says that “this program doesn’t present financial rewards for bug submissions.” It is unclear whether or not this refers solely to Adobe’s personal bug bounty program. 

Individually, OpenAI additionally has a bug bounty program, via which safety researchers could make wherever from $200 to $20,000, relying on the kind of the vulnerability.