"Abuse Risks are Often Inherent to Product Features": Exploring AI Vendors' Bug Bounty and Responsible Disclosure Policies

Yangheran Piao, Jingjie Li, Daniel W. Woods

TL;DR

This paper empirically maps vulnerability disclosure policies across 264 AI vendors, revealing that 36% lack a public disclosure channel and only 18% explicitly address AI risks. By extending a prior policy-structure framework to include AI-specific elements, the authors show that AI-system vulnerabilities are most consistently in-scope, while AI-feature issues like hallucinations are often out-of-scope. They identify three vendor profiles—proactive clarification, silent, and restrictive—highlighting substantial variation in how AI vulnerabilities are treated. The analysis finds a misalignment between industry practices and AI incidents and academic research, with policy updates lagging behind. The work advocates broader, clearer AI vulnerability disclosure, better supply-chain reporting, and ongoing monitoring of safety risks to improve AI security.

Abstract

As vendors adopt AI technologies, security researchers are working to uncover and fix related vulnerabilities, which is important given AI systems handle sensitive data and critical functions. This process relies on vendors receiving and rewarding AI vulnerability reports. To assess current practices, we analyzed the vulnerability disclosure policies of 264 AI vendors. We employed a mixed-methods approach, combining snapshot and longitudinal qualitative analysis, as well as comparing alignment with 320 AI incidents and 260 academic articles. Our analysis reveals that 36% of AI vendors have no established policy, and only 18% mention AI risks. Data access, authorization, and model extraction vulnerabilities are most consistently declared in-scope. Jailbreaking and hallucination are most commonly declared out-of-scope. We identify three profiles that reflect vendors' different positions toward AI vulnerabilities: proactive clarification (n = 46), silent (n = 115), and restrictive (n = 103). Our alignment results suggest that vendors may address AI vulnerability disclosure later than academic research and real-world incidents.

Paper Structure

This paper contains 35 sections, 5 figures, 2 tables.

Figures (5)

  • Figure 1: Methodology overview.
  • Figure 2: Mapping AI company categories to vulnerability disclosure approaches.
  • Figure 3: Monthly cumulative AI mention updates by policy element.
  • Figure 4: Yearly distribution of AI security & safety papers by topic, based on the meta-taxonomy in the appendix.
  • Figure 5: Monthly distribution of AI incidents impacting vendors in our corpus across MIT risk domains [Risk24].