Bugcrowd Platform Implements Industry-First AI Vulnerability Rating Taxonomy for LLMs

First-ever additions to the open source VRT to define how AI vulnerabilities in Large Language Models for AI are classified, reported, and prioritized in the Bugcrowd Platform

SAN FRANCISCO, December 19, 2023 — Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced updates to the Vulnerability Rating Taxonomy (VRT) that define and prioritize crowdsourced vulnerabilities in Large Language Models (LLMs) for the first time. The VRT is an ongoing open-source effort to standardize how hacker submissions of suspected vulnerabilities are reported in an industry-standard way, and is implemented in the Bugcrowd Platform for use by hackers, customers, and Bugcrowd’s application security engineers.

This latest VRT release, which was partly inspired by the OWASP Top 10 for Large Language Model Applications, marks a milestone for the crowdsourced cybersecurity industry because it gives customers and hackers a shared understanding of how LLM-related vulnerabilities are classified and prioritized. Armed with this information, hackers can focus on hunting for specific vulnerabilities and creating targeted proofs-of-concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes.

In 2016, Bugcrowd created the VRT, which is now an open-source project for customers, Bugcrowd application security engineers, and researchers to collaborate on a shared understanding of risk severity. The VRT is designed to constantly evolve in order to mirror the current threat environment. Since the VRT’s creation, hundreds of thousands of vulnerability submissions have been created, validated, triaged, and accepted by program owners on the Bugcrowd Platform. 

“Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document,” said Casey Ellis, Founder and Chief Strategy Officer of Bugcrowd.

“This new release of VRT not only opens up a new form of offensive security research and red teaming to program participants, but it helps companies increase their scope to include these additional attack vectors,” said Ads Dawson, senior security engineer for LLM platform provider Cohere and a key contributor to the release. “I am looking forward to seeing how this VRT release will influence researchers and companies looking to fortify their defenses against these newly introduced attack concepts.”

“At Bugcrowd, we believe that the human ingenuity unleashed by crowdsourced security is the best tool available for meeting AI security goals in a scalable, impactful way that provides more visibility into security ROI,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “With these AI security-related updates to the VRT, the Bugcrowd Platform is positioned as the leading option for meeting that goal.”

To learn more about how the Bugcrowd Platform can equip your organization to protect itself from cyber risk, access link here.

 Read more here: “Defining and Prioritizing AI Vulnerabilities for Security Testing” 

Register here to join our upcoming webinar: AI Safety and Compliance: Securing the New AI Attack Surface with Bugcrowd Founder and Chief Strategy Officer, Casey Ellis and Zach Long, Founder at Conductor AI.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.

Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact 
Nathaniel Hawthorne for Bugcrowd
Lumina Communications
press@bugcrowd.com
nathaniel@luminapr.com