Latest news with #bugbounty


TechCrunch
15-07-2025
- Business
- TechCrunch
Meta fixes bug that could leak users' AI prompts and generated content
Meta has fixed a security bug that allowed Meta AI chatbot users to access and view the private prompts and AI-generated responses of other users.

Sandeep Hodkasia, the founder of security testing firm Appsecure, exclusively told TechCrunch that Meta paid him $10,000 in a bug bounty reward for privately disclosing the bug he filed on December 26, 2024. Meta deployed a fix on January 24, 2025, said Hodkasia, and found no evidence that the bug was maliciously exploited.

Hodkasia told TechCrunch that he identified the bug after examining how Meta AI allows its logged-in users to edit their AI prompts to re-generate text and images. He discovered that when a user edits their prompt, Meta's back-end servers assign the prompt and its AI-generated response a unique number. By analyzing the network traffic in his browser while editing an AI prompt, Hodkasia found he could change that unique number and Meta's servers would return a prompt and AI-generated response of someone else entirely.

The bug meant that Meta's servers were not properly checking to ensure that the user requesting the prompt and its response was authorized to see it. Hodkasia said the prompt numbers generated by Meta's servers were 'easily guessable,' potentially allowing a malicious actor to scrape users' original prompts by rapidly changing prompt numbers using automated tools.

When reached by TechCrunch, Meta confirmed it fixed the bug in January and that the company 'found no evidence of abuse and rewarded the researcher,' Meta spokesperson Ryan Daniels told TechCrunch.

News of the bug comes at a time when tech giants are scrambling to launch and refine their AI products, despite many security and privacy risks associated with their use. Meta AI's standalone app, which debuted earlier this year to compete with rival apps like ChatGPT, launched to a rocky start after some users inadvertently publicly shared what they thought were private conversations with the chatbot.
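The missing authorization check described in this report, shown as an added example (it is not Meta's code and does not come from the TechCrunch article): a constructed in-memory store where one lookup trusts the record number alone and the other verifies ownership, uses unguessable identifiers and counts refused lookups for detection. All names (`PromptStore`, `get_checked`, the sample users and prompts) are hypothetical.

```python
import secrets


class PromptStore:
    """Constructed stand-in for a back end holding prompts and responses."""

    def __init__(self):
        self._records = {}  # record id -> (owner, prompt, response)
        self._next = 1000   # sequential counter: the "easily guessable" case
        self.denied = {}    # requester -> number of refused lookups

    def save_sequential(self, owner, prompt, response):
        # Weak: the next id is predictable from any id a user already holds.
        self._next += 1
        self._records[str(self._next)] = (owner, prompt, response)
        return str(self._next)

    def save_random(self, owner, prompt, response):
        # Stronger id: 128 random bits. This is defence in depth only and
        # does not replace the ownership check in get_checked().
        rid = secrets.token_urlsafe(16)
        self._records[rid] = (owner, prompt, response)
        return rid

    def get_unchecked(self, requester, rid):
        # Flawed pattern: the id alone selects the record; requester is ignored.
        rec = self._records.get(rid)
        return None if rec is None else rec[1:]

    def get_checked(self, requester, rid):
        # Fixed pattern: the record is returned only to its owner. "Missing"
        # and "not yours" give the same answer, so ids cannot be probed.
        rec = self._records.get(rid)
        if rec is None or rec[0] != requester:
            self.denied[requester] = self.denied.get(requester, 0) + 1
            return None
        return rec[1:]

    def suspicious(self, threshold=3):
        # Detection hook: accounts with repeated refused lookups.
        return sorted(u for u, n in self.denied.items() if n >= threshold)


def demo():
    store = PromptStore()
    a = store.save_sequential("alice", "draft a resignation letter", "Dear ...")
    b = store.save_sequential("bob", "logo ideas", "1. ...")
    # bob asks for alice's record through each code path, then for his own
    return (store.get_unchecked("bob", a), store.get_checked("bob", a),
            store.get_checked("bob", b))
```

In a real service the requester identity must come from the authenticated session, never from a client-supplied field.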


Zawya
03-07-2025
- Business
- Zawya
Gulf Bank launches Bug Bounty and Vulnerability Disclosure Program
As part of Gulf Bank of Kuwait's long-term vision to enhance cybersecurity and in line with its strong commitment to protect its customers' data and digital systems from potential threats and hackers, Gulf Bank has officially launched its Vulnerability Disclosure Program (VDP) and Bug Bounty programme. This program seeks to involve the cybersecurity community, comprising experts, specialists, and ethical hackers, in assisting the Bank in identifying and resolving vulnerabilities that may affect its systems and services. The objective is to allow the Bank to address the vulnerabilities or issues before they can be exploited by unauthorized individuals.

Gulf Bank believes that collaborating with the global cyber researcher community is one of the most powerful tools for creating a secure, reliable digital platform and supports the march towards a more secure ecosystem. This program is part of the Bank's ongoing strategy to adopt the latest technological solutions in cybersecurity. The program also reflects the Bank's commitment to transparency and openness to specialized expertise.

Speaking about the launch event, Mr. Ross McNaughton, Chief Information Security Officer at Gulf Bank, said: "The launch of the Bug Bounty and Disclosure programme represents the next step towards enhancing the security of the products and services offered by the Bank. It contributes to the early detection and effective resolution of vulnerabilities, issues, errors or technical glitches, thereby improving digital protection and increasing customer trust. The program also provides a rapid response mechanism for security risks and serves as a technical platform to support innovation, trial new services and build an active, collaborative cybersecurity community."

He added: "The success of this program will enhance customer confidence in the Bank's digital services and reflects our ongoing commitment to lead in protecting our customers' data, swift and continual innovation and development in cybersecurity. It also adopts leading global practices with cybersecurity community engagement, helping the Bank support cybersecurity advancement in Kuwait and across the region."

Gulf Bank has launched an open invitation to all cybersecurity professionals, researchers and enthusiast 'hackers' to participate in its Vulnerability Disclosure Program and Bug Bounty programme. Any individual with the knowledge and skills to analyze and identify security weaknesses, hack or hacking, is eligible to be part of this professional initiative.

Mr. McNaughton concluded by saying: "If you believe you have discovered a security vulnerability or feature that could impact the Bank's systems or services, we encourage you to report it immediately through the official channel and you may be eligible for a financial reward. The rewards' value will be determined by the Bank's specialized team based on the severity of the reported issue."


Yahoo
07-05-2025
- Business
- Yahoo
Bugcrowd Joins AWS ISV Accelerate Program
Strategic Alliance Expands Bugcrowd's Go-to-Market Strategies, Leveraging AWS Network to Deliver Crowdsourced Security Globally

DUBAI, May 7, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, announced today that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organization. Through participation in the AWS ISV Accelerate Program, the Bugcrowd Platform is now available to the AWS on-the-ground sales team.

The Bugcrowd Platform delivers managed bug bounty, vulnerability disclosure programs, penetration testing as a service, red teaming, and AI safety testing, all powered by "The Crowd," Bugcrowd's global community of ethical hackers and pentesters. By integrating with AWS, Bugcrowd will empower new customers to identify and mitigate critical vulnerabilities within their cloud environments. This integration allows the AWS sales team to offer their customers a powerful, proactive security solution, ensuring robust protection against evolving cyber threats.

"We're thrilled to join the AWS ISV Accelerate Program and bring the Bugcrowd Platform more directly to AWS customers," said Paul Ciesielski, Chief Revenue Officer, Bugcrowd. "This collaboration allows us to directly connect with AWS field sellers, expanding our reach and helping more organizations proactively address their security needs. By simplifying the procurement process and providing seamless integration, we're making it easier for AWS customers to leverage the collective expertise of our global hacker community. Ultimately, partnering with AWS reinforces our commitment to delivering industry-leading capabilities to as many users as possible."

Joining the AWS ISV Accelerate Program streamlines the procurement process for AWS customers, granting them simplified access to Bugcrowd's cutting-edge security capabilities. The AWS ISV Accelerate Program provides Bugcrowd with co-sell support and benefits to meet customer needs through collaboration with the AWS on-the-ground sales team globally. Co-selling provides better customer outcomes and assures mutual commitment from AWS and its partners. This collaboration creates significant growth opportunities for Bugcrowd to leverage the extensive network and resources from AWS to deliver unparalleled security services, drive optimal customer outcomes, and align with strategic VARs.