Adobe on Wednesday announced an expansion of its bug bounty program to include its implementation of Content Credentials and Adobe Firefly.
The company is providing incentives for bug bounty hackers to search for and report security defects specific to Adobe’s implementation of Content Credentials and Adobe Firefly, as part of the company’s bug bounty program running on HackerOne.
Relying on the C2PA open standard and meant to provide transparency about the creation and editing of digital content, Content Credentials are integrated across Adobe applications such as Firefly, Lightroom, Photoshop, and more.
“We are crowdsourcing security testing efforts for Content Credentials to reinforce the resilience of Adobe’s implementation against traditional risks and unique considerations that come with the provenance tool, such as the potential for intentional abuse of Content Credentials by incorrectly attaching them to the wrong asset,” Adobe said in a note announcing the program expansion.
On Adobe Firefly, a set of creative generative AI models available both as standalone web applications and through Firefly-powered features in various Adobe applications, the company seeks to test their resilience against common LLM risks.
“We encourage security researchers to review the OWASP Top 10 for Large Language Models, such as prompt injection, sensitive information disclosure, or training data poisoning, to help focus their research efforts on pinpointing weaknesses in these AI-powered solutions,” Adobe said.
By expanding the scope of its bug bounty program to these solutions, Adobe hopes to receive valuable insights into its generative AI technologies that will complement its internal security program and help it reinforce the security of its products.
“We are committed to working with the broader industry to help strengthen our Content Credentials implementation in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions,” Adobe executive vice president Dana Rao said.
Interested security researchers can find more information on the scope, rules, and rewards available through Adobe’s bug bounty program on HackerOne, or by joining the company’s private bug bounty program.
Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019
Related: Google Bug Bounty Program and Other Initiatives to Secure AI
Related: Microsoft Offers Up to $15,000 in New AI Bug Bounty Program
