Tag: AI Security

  • NIST Seeks Public Feedback on High-Performance Computing Security Guidelines

    The National Institute of Standards and Technology (NIST) has released the initial public draft of NIST Special Publication (SP) 800-234, titled High-Performance Computing Security Overlay, and is calling for public comments until July 3, 2025. This document addresses the urgency of securing high-performance computing systems, which are crucial for advanced artificial intelligence, machine learning, and complex data analysis.

    High-performance computing systems form the backbone for numerous high-demand applications, making their security a priority for organizations utilizing these technologies. The publication highlights essential measures to protect sensitive data and AI models, emphasizing the importance of safeguarding computational resources.

    SP 800-234 introduces a security overlay tailored to the unique attributes of high-performance computing environments. It builds upon the moderate baseline defined in SP 800-53B, enhancing 60 security controls with additional guidance relevant to high-performance contexts. The overlay is designed to give organizations practical security guidance while allowing for necessary customizations based on particular operational needs.

    While the public comment period remains open, NIST encourages stakeholders to review the draft and provide feedback through the NIST HPC Security Working Group’s website. This initiative aims to refine the security framework for high-performance computing to ensure robust protection against emerging threats.

  • OpenAI Expands Bug Bounty Program and Cybersecurity Initiatives

    On March 26, OpenAI announced significant updates to its Cybersecurity Grant Program, bug bounty program, and overall AI security initiatives, all intended to strengthen its commitment to user security. The updated Cybersecurity Grant Program, which has been in place for two years, has now broadened its scope by accepting proposals for a wider range of cybersecurity projects. This includes prioritizing research in software patching, model privacy, detection and response, security integration, and agentic security.

    OpenAI is also introducing microgrants in the form of API credits for researchers with high-quality proposals. These microgrants are designed to help with the rapid prototyping of innovative cybersecurity ideas and experiments, further encouraging a culture of research and innovation within the field.

    The most notable update to their bug bounty program is a substantial increase in the maximum potential payout. OpenAI has raised the bug bounty limit for ‘exceptional and differentiated critical findings’ from $20,000 to an impressive $100,000. This program, which debuted nearly two years ago in collaboration with Bugcrowd, has already rewarded 209 submissions, highlighting OpenAI’s serious commitment to maintaining high security standards. As Michael Skelton, vice president of operations at Bugcrowd, emphasized, the proactive nature of OpenAI’s security measures has garnered significant public interest.

    Furthermore, to address growing threats to its artificial general intelligence (AGI) technology, OpenAI is enhancing its security infrastructure through various initiatives. This includes deploying AI-driven defenses, collaborating with SpecterOps for ongoing security evaluations, and developing better strategies to prevent prompt injection attacks. The company aims to solidify its security stance while responding to an increasingly sophisticated cyber threat landscape.

    With these advancements, OpenAI not only aims to attract top security talent but also to preemptively address vulnerabilities before they can escalate into major incidents, as noted by Stephen Kowski, field CTO at SlashNext Email+ Security. As competition intensifies in the AI sector, the implications of these updates will likely resonate across the industry.