While the potential of Generative AI is exciting, it is crucial to address the potential dangers associated with its misuse. To safeguard against inappropriate requests, AI models undergo rigorous training to reject certain high-risk requests. However, with some cunning manipulation of prompts, it is possible to exploit the AI's limitations and persuade it to disregard its guidelines, potentially leading to compliance with questionable demands. Recognizing this issue, Google aims to instill ethical conduct within its AI. As part of its vulnerability rewards program, which incentivizes individuals who identify vulnerabilities and weaknesses in Google's software (including apps and operating systems), Google is now extending the program to include Bard and questionable prompts. If you are able to manipulate a prompt effectively to make Bard perform an action that violates its intended capabilities, known as a prompt injection attack, Google may provide you with a monetary reward. The VRP also encompasses other attacks that can be carried out on Bard, such as training data extraction, where you successfully obtain sensitive information from the AI, such as personally identifiable details and passwords.
Google already has a separate reporting channel for erroneous or unusual responses, which does not involve payment. The company only offers compensation for vulnerabilities that could be exploited by hackers for malicious purposes. Therefore, if you manage to persuade the AI to use offensive language, provide Windows keys, or make threats, it is unlikely to fall under Google's bounty program. Google also highlights that it does not pay for copyright issues or extraction of non-sensitive data. However, depending on the severity, you might be eligible for thousands of dollars through the program.
By treating these issues as vulnerabilities and including them in its bounty program, Google aims to enhance the strength of its AI and ensure adherence to its ethics and guidelines. Consequently, Google is expected to provide generous monetary rewards to users. Discovering weaknesses within an AI model by testing it with different prompts differs significantly from traditional code analysis, vulnerability identification, and exploitation.
To ensure your interest, take a moment to refer to Google's guidelines on reporting issues related to AI products. This will help you understand the boundaries of what should be reported and what should not.