News, news analysis, and commentary on the latest trends in cybersecurity technology.
Bugcrowd Announces Vulnerability Ratings for LLMs
The update to the company's Vulnerability Rating Taxonomy offers vulnerability researchers a framework for assessing and prioritizing vulnerabilities in large language models.
December 20, 2023
Bugcrowd has updated its Vulnerability Rating Taxonomy (VRT) with a new rating system to categorize and prioritize vulnerabilities in large language models (LLMs).
Launched in 2016, VRT is an open source initiative that standardizes how vulnerabilities are classified. Used by Bugcrowd and its ecosystem of customer organizations and vulnerability researchers, the VRT provides a framework for assessing the severity of cybersecurity risks. VRT establishes a baseline technical severity rating for common vulnerability classes, considering potential variations in edge cases.
The latest VRT update was partly inspired by the OWASP Top 10 for Large Language Model Applications, according to the company. With this rating system, Bugcrowd's community of vulnerability researchers can focus on hunting for specific vulnerabilities and creating targeted proofs of concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes, the company said.
“Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document,” said Casey Ellis, founder and chief strategy officer of Bugcrowd, in a statement.
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024