Protect AI Purchases Huntr to Extend Bug Bounties to AI, ML
Deal Allows Protect AI Customers to Discover AI, ML Supply Chain Exploits Faster
Protect AI bought one of the world's largest certified naming authorities to create a bug bounty platform focused exclusively on AI and ML open-source software.
The Seattle-based artificial intelligence and machine learning security vendor said its acquisition of Seattle-based Huntr will allow customers to discover exploits in the artificial intelligence or machine learning supply chain weeks before they're publicly revealed. Researchers using Huntr historically looked at bugs across the open-source software arena but will focus on AI- or ML-related flaws going forward.
"This is the world's first bug bounty program that is focused on finding the exploits in the supply chain and the remediation," Protect AI CEO Ian Swanson told Information Security Media Group. "That's really important. There's nothing else like this, and it is desperately needed."
Putting Artificial Intelligence, Machine Learning in the Spotlight
As part of Protect AI, Swanson said Huntr's bug bounty program will focus exclusively on vulnerabilities in artificial intelligence and machine learning packages, libraries, frameworks and foundation models. More than 125 machine learning-based supply chain repositories will be in scope from the outset, he said, and bug hunters can receive payouts of up to $50,000 for certain types of critical vulnerabilities (see: Protect AI Raises $35M to Guard ML From Supply Chain Threats).
By late September, Swanson said, Huntr's technology will be incorporated into Protect AI's signature AI Radar tool as a threat feed, allowing customers to spot issues in their supply chain and identify how to fix them. Protect AI will pull the API from Huntr's Hacktivity feed into AI Radar, providing customers with more insights into both open-source vulnerabilities and remediation strategies, according to Swanson.
Swanson expects most of the 10,000 security researchers using Huntr's bug bounty platform will stick around even with the change in scope since many were looking for more opportunities to explore artificial intelligence and machine-learning technology. Protect AI always wanted to be a leader in threat research for AI and ML, Swanson said, and Huntr's crowdsourced approach will get them there faster.
"We tested Huntr at the end of 2022," Swanson said. "It wasn't even just the speed and the velocity, but it was also the intensity of the group. We saw that they're able to dive super deep into these AI and machine-learning packages and find vulnerabilities."
Is More M&A on the Road Map?
Swanson said Protect AI is evaluating other tuck-in acquisition opportunities at this time. Terms of the Huntr transaction weren't disclosed. The deal came less than two weeks after Protect AI had closed a $35 million Series A funding round led by Evolution Equity Partners to expand its AI Radar tool, research unique threats in the AI and ML landscape and further its work around open-source initiatives.
From a metrics standpoint, Swanson said, Protect AI plans to track the number of researchers using Huntr's bug bounty platform as well as the number of cyber vulnerabilities being found and fixed. He said the Huntr platform is the world's fifth-largest certified naming authority for common vulnerabilities and exposures, and researchers have been finding thousands of vulnerabilities on it each year.
"I've been in this space for the past 15 years, leading some of the biggest deployments of AI in the world," Swanson said. "I know the value of the supply chain, and I know the risks of the supply chain."