Latest news with #Intigriti
Channel Post MEA
18-07-2025
- Business
- Channel Post MEA
Intigriti And NVIDIA Partner To Launch Bug Bounty And Vulnerability Disclosure Program
With an expanding threat landscape, a surge in AI-driven products, and a commitment to innovation, NVIDIA is enhancing cybersecurity with a proactive approach by tapping into the global security researcher community. The Intigriti community includes over 125,000 ethical hackers, equipped to test mission-critical AI infrastructure at scale and speed in real-time. The new program includes a web portal that Intigriti members use as an interface to take part in finding and reporting potential cybersecurity issues. This will make it faster for the community and NVIDIA to report and respond to events. 'With the world-class expertise of our community of researchers, we're working with NVIDIA to identify potential vulnerabilities in AI infrastructure, boosting security as AI becomes increasingly embedded in business operations,' said Stijn Jans, CEO and founder, Intigriti. 'This is an exciting moment for our community to help shape cybersecurity in the era of AI.' 'To secure the full stack of AI infrastructure, it takes more than just advanced technology; it requires collaboration across every layer,' said David Reber, Chief Security Officer at NVIDIA. 'Working with Intigriti's global community of AI experts allows a collaborative and diverse approach to identify risks and strengthen the security of the AI ecosystem.' What does this initiative provide? Over the next six months, Intigriti will launch a series of new security testing programs with NVIDIA, including: ● A private bug bounty program, where a variety of assets will be examined, focusing on NVIDIA products. ● A Vulnerability Disclosure Program (no-reward VDP), with all NVIDIA assets in scope. ● An additional private bug bounty package to cover core AI elements.
BBC News
28-04-2025
- Entertainment
- BBC News
What is bug hunting and why is it changing?
Few technology careers offer the chance to demonstrate your skills in exclusive venues worldwide, from luxury hotels to Las Vegas e-sports arenas, peers cheering you on as your name moves up the leaderboard and your earnings rack that's what Brandyn Murtagh experienced within his first year as a bug bounty Murtagh got into gaming and building computers at 10 or 11-years-old and always knew "I wanted to be a hacker or work in security".He began working in a security operations centre at 16, and moved into penetration testing at 20, a job that also involved testing the security of clients' physical and computer security: "I had to forge false identities and break into places and then hack. Quite fun."But in the past year he has became a full-time bug hunter and independent security researcher, meaning he scours organizations' computer infrastructure for security vulnerabilities. And he hasn't looked back. Internet browser pioneer Netscape is regarded as the first technology company to offer a cash "bounty" to security researchers or hackers for uncovering flaws or vulnerabilities in its products, back in the platforms like Bugcrowd and HackerOne in the US, and Intigriti in Europe, emerged to connect hackers and organizations that wanted their software and systems tested for security Bugcrowd founder Casey Ellis explains, while hacking is a "morally agnostic skill set", bug hunters do have to operate within the like Bugcrowd bring more discipline to the bug-hunting process, allowing companies to set the "scope" of what systems they want hackers to target. And they operate those live hackathons where top bug hunters compete and collaborate "hammering" systems, showing off their skills and potentially earning big payoff for companies using platforms like Bugcrowd is also clear. Andre Bastert, global product manager AXIS OS, at Swedish network camera and surveillance equipment firm Axis Communications, said that with 24 million lines of code in its device operating system, vulnerabilities are inevitable. "We realized it's always good to have a second set of eyes."Platforms like Bugcrowd mean "you can use hackers as a force for good," he says. Since opening its bug bounty programme, Axis has uncovered – and patched - as many as 30 vulnerabilities, says Mr Bastert, including one "we deem very severe". The hacker responsible received a $25,000 (£19,300) reward. So, it can be lucrative work. Bugcrowd's top earning hacker over the last year earned over $ while there are millions of hackers registered on the key platforms, Inti De Ceukelaire, chief hacking officer at Intigriti, says the number hunting on a daily or weekly basis is "tens of thousands." The elite tier, who are invited to the flagship live events will be smaller Murtagh says: "A good month would look like a couple of critical vulnerabilities found, a couple of highs, a lot of mediums. Some good pay days in an ideal situation." But he adds, "It doesn't always happen." Yet with the explosion of AI, bug hunters have whole new attack surfaces to Ellis says organizations are racing to gain a competitive advantage with the technology. And this typically has a security impact."In general, if you implement a new technology quickly and competitively, you're not thinking as much about what might go wrong." In addition, he says, AI is not just powerful but "designed to be used by anyone".Dr Katie Paxton-Fear, a security researcher and cybersecurity lecturer at Manchester Metropolitan University, points out that AI is the first technology to explode onto the scene with the formal bug hunting community already in it has levelled the playing field for hackers, says Mr De Ceukelaire. Hackers – both ethical and not – can exploit the technology to speed up and automate their own operations. This ranges from conducting reconnaissance to identify vulnerable systems, to analysing code for flaws or suggesting possible passwords to break into modern AI systems' reliance on large language models also means language skills and manipulation are an important part of the hacker tool kit, Mr De Ceukelaire says he has drawn on classic police interrogation techniques to befuddle chatbots and get them to "crack".Mr Murtagh describes using such social engineering techniques on chatbots for retailers: "I would try and make the chatbot cause a request or even trigger itself to give me another user's order or another user's data." But these systems are also vulnerable to more "traditional" web app techniques, he says. "I have had some success in an attack called cross site scripting, where you can essentially trick the chatbot into rendering a malicious payload that can cause all kinds of security implications."But the threat doesn't stop there. Dr Paxton-Fear says an over-focus on chatbots and large language models can distract from the broader interconnectedness of AI powered systems."If you get a vulnerability in one system, where does that eventually appear in every other system it connects to? Where are we seeing that link between them? That's where I would be looking for these kinds of flaws."Dr Paxton-Fear adds that there hasn't been a major AI-related data breach yet, but "I think it's just a matter of time".In the meantime, the burgeoning AI industry needs to be sure it embraces bug hunters and security researchers, she says. "The fact that some companies don't makes it so much harder for us to do our job of just keeping the world safe."That is unlikely to put off the bug hunters in the meantime. As Mr De Ceukelaire says: "Once a hacker, always a hacker."
