Man Finds Major Bug In Meta’s AI Platform That Exposed Private Chats – Receives $10,000 Reward For Proving The System Was Not As Secure As Claimed

Ezza Ijaz
Meta AI security bug

With AI investment showing no sign of slowing, one might assume the technology is secure and that existing platforms have no vulnerabilities, but that is not the case. Even the tech giants are not free from errors, and their systems can be exploited. Such was the case recently, when a researcher discovered a security vulnerability in Meta's AI platform and was rewarded $10,000 for reporting it to the company. While it worked out for the person who found the bug, it also serves as a reminder that multi-billion-dollar companies are not immune to flaws.

Meta pays $10,000 to a man for pointing out an AI security bug, showing that even the tech giants trip up

Meta has recently patched a security bug in its AI chatbot that exposed private user prompts, and the AI-generated responses to them, to other users, as reported by TechCrunch. Sandeep Hodkasia, the founder of a security testing firm called AppSecure, stumbled upon the flaw and reported the vulnerability to the company last December. Meta did not hold back in rewarding him for the disclosure and paid him about $10,000 through its bug bounty program.


The tech giant has confirmed that the bug has been fixed and the security vulnerability resolved. It was also quick to point out that, while the flaw existed, there was no evidence of it being exploited. Hodkasia explained that he found the gap while examining how Meta AI lets logged-in users edit their prompts to regenerate text and images. That might sound like a simple feature, but because it handles sensitive user interactions, it is not so simple after all.

The issue was that Meta's servers were not properly verifying whether the user requesting a prompt was authorized to access it. Meta's systems assigned each prompt a unique identifier; anyone able to change that identifier in a request could retrieve another user's prompts and responses without authorization. Because the identifiers were predictable, this was a serious flaw that could have allowed attackers to harvest sensitive information.
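As an added illustration (not Meta's code, and not part of the original report), here is the class of check the article describes: a prompt lookup that trusts the identifier alone beside its hardened form that scopes the lookup to the logged-in user. The prompt store, user names, prompt IDs and handler names are constructed for the example.

```python
# Constructed example of a missing object-level authorization check on a
# prompt identifier, and the fix. Not Meta's code; store and IDs are made up.
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Prompt:
    prompt_id: str
    owner: str
    text: str
    response: str


# Sample store with sequential, hence predictable, identifiers (constructed;
# the exact ID format Meta used is not known here).
PROMPTS: Dict[str, Prompt] = {
    "1001": Prompt("1001", "alice", "draft a resignation letter", "Dear ..."),
    "1002": Prompt("1002", "bob", "summarise my medical notes", "The notes ..."),
}


def get_prompt_vulnerable(session_user: str, prompt_id: str) -> Optional[Prompt]:
    """Looks the prompt up by ID only. The caller's identity is never compared
    with the owner, so any logged-in user who supplies another ID reads it."""
    return PROMPTS.get(prompt_id)


def get_prompt_hardened(session_user: str, prompt_id: str) -> Optional[Prompt]:
    """Returns the prompt only when the session user owns it. 'Missing' and
    'not yours' both map to None (a 404 in an HTTP handler), so the response
    does not confirm that someone else's prompt ID exists."""
    prompt = PROMPTS.get(prompt_id)
    if prompt is None or prompt.owner != session_user:
        return None
    return prompt


def new_prompt_id() -> str:
    """Unguessable ID: 128 bits from the OS CSPRNG. This is defence in depth
    only; the ownership check above is the actual fix."""
    return secrets.token_urlsafe(16)


def create_prompt(owner: str, text: str, response: str) -> Prompt:
    prompt = Prompt(new_prompt_id(), owner, text, response)
    PROMPTS[prompt.prompt_id] = prompt
    return prompt
```

Returning the same "not found" result for a missing ID and for another user's ID keeps the endpoint from doubling as an oracle for which identifiers are valid.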

The discovery comes amid growing scrutiny of Meta's AI practices, particularly since its stand-alone app launched last year. The app has unintentionally exposed private conversations because of unclear sharing settings: many users are unaware that the feature shares their interactions publicly, which has led many to question the tech giant's approach to ethical and responsible AI.
