Bugcrowd has announced an update to its Vulnerability Rating Taxonomy (VRT) to include Large Language Models (LLMs). This significant development positions the company at the forefront of AI cybersecurity.
Pioneering Steps in AI Vulnerability Assessment
The latest iteration of the VRT, inspired by the OWASP Top 10 for Large Language Model Applications, is a first in the industry. It provides a shared framework for hackers and customers to classify and prioritize vulnerabilities specific to LLMs. This new system allows hackers to focus their efforts on identifying specific vulnerabilities, while enabling program owners to design better project scopes and rewards.
The Evolution of the VRT
Since its creation in 2016, the VRT has emerged as a collaborative, open-source project for standardizing the reporting of vulnerabilities. This tool has been instrumental in processing hundreds of thousands of vulnerability submissions on the Bugcrowd Platform, involving customers, security engineers, and researchers.
What The Future Could Hold
Casey Ellis, Founder and Chief Strategy Officer of Bugcrowd, remarked, "Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document."
Ads Dawson, senior security engineer for LLM platform provider Cohere and a key contributor to the VRT update, stated, "This new release of VRT not only opens up a new form of offensive security research and red teaming to program participants, but it helps companies increase their scope to include these additional attack vectors. I am looking forward to seeing how this VRT release will influence researchers and companies looking to fortify their defenses against these newly introduced attack concepts."
Dave Gerry, Chief Executive Officer of Bugcrowd, emphasized the importance of human ingenuity in AI security, saying, "At Bugcrowd, we believe that the human ingenuity unleashed by crowdsourced security is the best tool available for meeting AI security goals in a scalable, impactful way that provides more visibility into security ROI. With these AI security-related updates to the VRT, the Bugcrowd Platform is positioned as the leading option for meeting that goal."