Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Application Security

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.

Adobe Acrobat vulnerability exploited

Adobe on Wednesday announced an expansion of its bug bounty program to include its implementation of Content Credentials and Adobe Firefly.

The company is providing incentives for bug bounty hackers to search for and report security defects specific to Adobe’s implementation of Content Credentials and Adobe Firefly, as part of the company’s bug bounty program running on HackerOne.

Relying on the C2PA open standard and meant to provide transparency about the creation and editing of digital content, Content Credentials are integrated across Adobe applications such as Firefly, Lightroom, Photoshop, and more.

“We are crowdsourcing security testing efforts for Content Credentials to reinforce the resilience of Adobe’s implementation against traditional risks and unique considerations that come with the provenance tool, such as the potential for intentional abuse of Content Credentials by incorrectly attaching them to the wrong asset,” Adobe said in a note announcing the program expansion.

On Adobe Firefly, a set of creative generative AI models available both as standalone web applications and through Firefly-powered features in various Adobe applications, the company seeks to test their resilience against common LLM risks.

“We encourage security researchers to review the OWASP Top 10 for Large Language Models, such as prompt injection, sensitive information disclosure, or training data poisoning, to help focus their research efforts on pinpointing weaknesses in these AI-powered solutions,” Adobe said.

By expanding the scope of its bug bounty program to these solutions, Adobe hopes to receive valuable insights into its generative AI technologies that will complement its internal security program and help it reinforce the security of its products.

“We are committed to working with the broader industry to help strengthen our Content Credentials implementation in Adobe Firefly and other flagship products to bring important issues to the forefront and encourage the development of responsible AI solutions,” Adobe executive vice president Dana Rao said.

Advertisement. Scroll to continue reading.

Interested security researchers can find more information on the scope, rules, and rewards available through Adobe’s bug bounty program on HackerOne, or by joining the company’s private bug bounty program.

Related: Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

Related: Google Bug Bounty Program and Other Initiatives to Secure AI

Related: Microsoft Offers Up to $15,000 in New AI Bug Bounty Program

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights