"We Hacked Google A.I. for $50,000" by RONI CARTA | LUPIN


What happens in Vegas doesn’t always stay in Vegas, especially when it involves uncovering vulnerabilities in Google's systems. The story you are about to read starts in Las Vegas at the Venetian Hotel, travels to the heart of Tokyo, and finally ends in France. Joseph "rez0" Thacker, Justin "Rhynorater" Gardner and I, Roni "Lupin" Carta collaborated together to hack on Google's latest Bug Bounty Events, the LLM bugSWAT. Generative Artificial Intelligence (GenAI) and Large Language Models (LLM) have been the center of discussion for the past year. When GPT was released, OpenAI opened the gate for LLM usage in the tech ecosystem. Companies like Meta, Microsoft, and Google are all trying to compete in this brand new paradigm of LLMs. While some are skeptical on the usage of these technologies, others didn't hesitate to use their infrastructure for LLMs. New kind of assistants, classifiers etc... emerged trying to ease and automate a lot of human processes. However, it seems that in the journey, most of the companies forgot all their basic security principles, thus introducing new kinds of security issues. This new field of AI security testing is an interesting area of research, and Google understood that really early on. Their goal is to have an efficient Security Red Teaming process when using AIs in their product, and it is why their Bug Bounty team ran the event "LLM bugSWAT". They challenged researchers from all around the world to try to find vulnerabilities that they hadn't identified themselves.