Yandex invites white-hat hackers to test its generative AI models
Yandex has launched a new Bug Bounty program focused on its generative AI technologies. The company offers financial rewards to researchers who find vulnerabilities in the YandexGPT and YandexART model families and the related infrastructure.
Yandex has been running Bug Bounty programs since 2012 and regularly expands them to cover more products and services. The goal is to invite ethical hackers to look for potential security vulnerabilities to keep Yandex technologies safe and reliable.
Under the new program, external researchers will search for flaws that could disrupt how the models work or learn, such as forcing a failure or manipulating the model to interfere with other Yandex services.
The vulnerability must be properly documented in a standardized report format to qualify for the Bug Bounty program. Reports about inaccurate responses or incorrect images generated by the models won“t be considered. Payouts depend on the severity of the issue and how easy it is to exploit. Critical issues include those that could expose internal model configurations, technical prompts, or other sensitive data. The program's website has a complete list of eligible issues and potential rewards.
Generative neural networks are becoming more widely adopted across Yandex services and among its partners. YandexGPT and YandexART are already used in over 20 services and products for consumers and businesses — from Alice and Search with Neuro to Yandex Direct and Yandex Cloud solutions, including those available to third-party developers via API. Adding generative neural networks to the Bug Bounty program allows for independent security checks and helps confirm that Yandex technologies meet high safety standards.
All Yandex technologies, including generative models, are built with security in mind at every stage — from initial design to deployment. The security team reviews the planned service architecture at the design stage, checks it for potential vulnerabilities, and ensures it meets security standards. Yandex also investigates potential attack methods targeting neural networks and develops defenses against possible threats. For example, Yandex Antirobot helps defend AI services from DDoS attacks, while a monitoring center detects threats and analyzes suspicious activity across the infrastructure. Yandex also conducts regular internal audits to make sure its services stay secure.
Contacts
Yandex Press Office
pr@yandex-team.com