Adobe partners with ethical hackers for bug detection in Content Credentials and Adobe Firefly

Delhi: Adobe has announced the expansion of the Adobe bug bounty program to reward security researchers for discovering and responsibly disclosing bugs specific to our implementation of Content Credentials and Adobe Firefly. 

Content Credentials are built on the C2PA open standard and serve as tamper-evident metadata that can be attached to digital content to provide transparency about their creation and editing process. 

Content Credentials are currently integrated across popular Adobe applications such as Adobe Firefly, Photoshop, Lightroom and more. 

Adobe is also crowdsourcing security testing efforts for Content Credentials against traditional risks and unique considerations that come with the provenance tool, such as the potential for intentional abuse of Content Credentials by incorrectly attaching them to the wrong asset.

Adobe believes that by proactively engaging with the security community, additional insights can be gained into generative AI technologies which, in turn, will provide valuable feedback to their internal teams and security program. 

In addition to the hacker-powered research, Adobe leverages their security program that includes penetration testing, red-teaming, code scanning to continually enhance the security of products and systems, including Adobe Firefly and Content Credentials implementation.

“The skills and expertise of security researchers play a critical role in enhancing security and now can help combat the spread of misinformation,” Dana Rao, executive vice president, general counsel and chief trust officer at Adobe. “We are committed to working with the broader industry to help strengthen our Content Credentials implementation in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions.”

“Building safe and secure AI products starts by engaging experts who know the most about this technology’s risks. The global ethical hacker community helps organizations not only identify weaknesses in generative AI but also define what those risks are,” said Dane Sherrets, senior solutions Architect at HackerOne. “We commend Adobe for proactively engaging with the community, responsible AI starts with responsible product owners.”

“It’s great to see the scope of products widen to encompass areas such as artificial intelligence, combating misinformation, Internet of Things, and even cars. These additions may require additional training for ethical hackers to acquire the necessary skills to uncover critical vulnerabilities," said Ben Sadeghipour, founder of NahamSec.“Bug Bounty Village is committed to expanding our workshops and partnering with more organisations, like Adobe, to ensure security researchers are equipped with the right tools to protect these technologies.”