Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Share This Post

Adobe on Wednesday announced an expansion of its bug bounty program to include its implementation of Content Credentials and Adobe Firefly.

The company is providing incentives for bug bounty hackers to search for and report security defects specific to Adobe’s implementation of Content Credentials and Adobe Firefly, as part of the company’s bug bounty program running on HackerOne.

Relying on the C2PA open standard and meant to provide transparency about the creation and editing of digital content, Content Credentials are integrated across Adobe applications such as Firefly, Lightroom, Photoshop, and more.

“We are crowdsourcing security testing efforts for Content Credentials to reinforce the resilience of Adobe’s implementation against traditional risks and unique considerations that come with the provenance tool, such as the potential for intentional abuse of Content Credentials by incorrectly attaching them to the wrong asset,” Adobe said in a note announcing the program expansion.

On Adobe Firefly, a set of creative generative AI models available both as standalone web applications and through Firefly-powered features in various Adobe applications, the company seeks to test their resilience against common LLM risks.

“We encourage security researchers to review the OWASP Top 10 for Large Language Models, such as prompt injection, sensitive information disclosure, or training data poisoning, to help focus their research efforts on pinpointing weaknesses in these AI-powered solutions,” Adobe said.

By expanding the scope of its bug bounty program to these solutions, Adobe hopes to receive valuable insights into its generative AI technologies that will complement its internal security program and help it reinforce the security of its products.

“We are committed to working with the broader industry to help strengthen our Content Credentials implementation in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions,” Adobe executive vice president Dana Rao said.

Advertisement. Scroll to continue reading.

Interested security researchers can find more information on the scope, rules, and rewards available through Adobe’s bug bounty program on HackerOne, or by joining the company’s private bug bounty program.

Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

Related: Google Bug Bounty Program and Other Initiatives to Secure AI

Related: Microsoft Offers Up to $15,000 in New AI Bug Bounty Program

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.
Article

BFU – Seeing is Believing

Oh no, the device is in BFU. This is the common reaction; a device needs extracting, and you find it in a BFU state. Often, there’s an assumption that a BFU extraction will only acquire basic information, but that isn’t always the case.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .