Mozilla has unveiled a new bug bounty program called 0Day Investigative Network (0Din), focusing on identifying security vulnerabilities in large language models (LLMs) and other deep learning technologies. The initiative aims to bolster the security of the GenAI ecosystem by encouraging researchers to report various security issues, including prompt injection and denial-of-service attacks. Through 0Din, Mozilla seeks to address emerging classes of vulnerabilities in LLM applications beyond the traditional application layer, enhancing security standards for AI technologies.
Researchers interested in participating in the program can submit their findings to ‘0din at mozilla.com’. Upon validation and confirmation that the report falls within the program’s scope, the reporting researcher may receive an offer to purchase the information. Once an offer is accepted, the impacted vendor is contacted so the issue can be resolved. However, Mozilla has yet to disclose information regarding potential bug bounty payouts or a list of targeted products, leaving some aspects of the program unclear.
Mozilla emphasizes the importance of independent researchers in contributing to the development of new security frameworks and best practices tailored for large language models and generative AI technologies. The organization believes that these researchers will play a crucial role in defining and strengthening AI security standards, ultimately shaping the future of secure GenAI technologies and their everyday applications. SecurityWeek has reached out to Mozilla for further clarification, and the article will be updated accordingly once a response is received.