Mozilla has announced the launch of a new bug bounty program focusing on large language models (LLMs) and other deep learning technologies.
Named 0Day Investigative Network (0Din), the new bug bounty project aims to improve the security of the gen-AI ecosystem.
Researchers can use 0Din to report prompt injection, denial of service, training data poisoning, and other types of security issues, such as the ones described by OWASP in the Top 10 for LLM Applications.
Those interested in participating in the program can submit findings to ‘0din at mozilla.com’. Once the report has been validated and confirmed of being in scope of the program, the reporting researcher will receive an offer for purchasing the information. If the offer is accepted, the impacted vendor is contacted.
Mozilla has not made any information available on the potential bug bounty payouts or a list of the targeted products.
SecurityWeek has reached out to Mozilla for clarifications and will update this article if it responds.
“0Din expands the scope to identify and fix GenAI security by delving beyond the application layer with a focus on emerging classes of vulnerabilities and weaknesses in these new generations of models,” Mozilla said.
“Our hope for this program is to help independent researchers with an opportunity to contribute to the development of new security frameworks and best practices tailored for large language models, attention-based systems and generative models,” it added. “They will play a key role in defining and strengthening AI security standards thus shaping the future of secure GenAI technologies and how we use them in our daily lives.”
Related: Netflix Paid Out Over $1 Million via Bug Bounty Program
Related: Adobe Adds Content Credentials and Firefly to Bug Bounty Program
Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019
