News, news analysis, and commentary on the latest trends in cybersecurity technology.

Bugcrowd Announces Vulnerability Ratings for LLMs

The update to the company's Vulnerability Rating Taxonomy offers vulnerability researchers a framework for assessing and prioritizing vulnerabilities in large language models.

December 20, 2023

1 Min Read
Group of panel judges holding up cards with scores on them.
Source: Wavebreak Media Ltd via Alamy Stock Photo

Bugcrowd has updated its Vulnerability Rating Taxonomy (VRT) with a new rating system to categorize and prioritize vulnerabilities in large language models (LLMs).

Launched in 2016, VRT is an open source initiative that standardizes how vulnerabilities are classified. Used by Bugcrowd and its ecosystem of customer organizations and vulnerability researchers, the VRT provides a framework for assessing the severity of cybersecurity risks. VRT establishes a baseline technical severity rating for common vulnerability classes, considering potential variations in edge cases.

The latest VRT update was partly inspired by the OWASP Top 10 for Large Language Model Applications, according to the company. With this rating system, Bugcrowd's community of vulnerability researchers can focus on hunting for specific vulnerabilities and creating targeted proofs of concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes, the company said.

“Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document,” said Casey Ellis, founder and chief strategy officer of Bugcrowd, in a statement.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights