Crowdsourced security company Bugcrowd rolled out AI pen testing on the Bugcrowd platform. This release is designed to help AI adopters detect common security flaws before threat actors take advantage. AI pen testing is part of Bugcrowd’s AI safety and security solutions portfolio, in addition to the recently announced AI Bias Assessment offering.
The conversational interfaces in LLM applications can be vulnerable to prompt injection, training data extraction, data poisoning and other types of attacks. Bugcrowd AI pen tests are designed to uncover common flaws using a testing methodology based on its open-source vulnerability rating taxonomy, which draws from the OWASP Top 10 for LLM applications while adding other flaws reported by hackers on our platform.
Many AI applications are integrated with other systems, amplifying risk by serving as a potential access point for wider infiltration by attackers. As GenAI becomes universally adopted, the expanded attack surface will require Bugcrowd’s unique brand of rigorous pressure testing to detect the new vulnerabilities that come along with it.
Pentesters are curated from a bench of trusted testers, selected from the global hacker community for their skills and track record. The Bugcrowd Platform’s data-driven approach to researcher/hacker/pentester sourcing and activation – known as CrowdMatch AI – allows it to rapidly create and optimize crowds with virtually any skill set.
“AI serves as a tool for enhancing attacker productivity, a target for exploitation of weaknesses in AI systems, and a threat due to the unintended security consequences stemming from its use,” said Dave Gerry, CEO, Bugcrowd. “With our new AI pen testing offering, our customers now have a solution to address any AI-based risks – ranging from standard tests for web apps, mobile apps and networks to continuous, crowd-powered testing of complex apps, cloud services, APIs, IoT devices and now AI systems, for maximum risk reduction.”
“The rapid adoption of LLMs in government and enterprise use cases has led to an unprecedented growth in attack surface that adversaries are already exploiting,” said Julian Brownlow Davies, Bugcrowd’s VP of advanced services. “Bugcrowd’s world-class crowdsourced security platform with CrowdMatch AI has enabled us to bring to market high-impact AI/LLM penetration testing delivered by trusted testers with deep domain experience, providing safety and security to our customers against these evolving threats.”
Visit Bugcrowd at RSA Conference 2024, booth #2245. For the company’s partner program, visit here.
