Bugcrowd Platform Implements Industry-First AI Vulnerability Rating Taxonomy for LLMs
December 2023 by Marc Jacob
Bugcrowd announced updates to its Vulnerability Rating Taxonomy (VRT) that, for the first time, define and prioritize crowdsourced vulnerability classes for Large Language Models (LLMs). The VRT is an ongoing open-source effort to standardize how hackers report suspected vulnerabilities and how those reports are rated, and it is implemented in the Bugcrowd Platform for use by hackers, customers, and Bugcrowd's application security engineers.
This latest VRT release, which was partly inspired by the OWASP Top 10 for Large Language Model Applications, marks a milestone for the crowdsourced cybersecurity industry because it gives customers and hackers a shared understanding of how LLM-related vulnerabilities are classified and prioritized. Armed with this information, hackers can focus on hunting for specific vulnerabilities and creating targeted proofs-of-concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes.
Bugcrowd created the VRT in 2016; it is now an open-source project in which customers, Bugcrowd application security engineers, and researchers collaborate on a shared understanding of risk severity. The VRT is designed to evolve continuously so that it mirrors the current threat environment. Since the VRT's creation, hundreds of thousands of vulnerability submissions have been created, validated, triaged, and accepted by program owners on the Bugcrowd Platform.