HackerOne rolls out industry framework to support ‘good faith’ AI research

Four years ago, the Department of Justice announced it would no longer seek criminal charges against independent and third-party security researchers for “good faith” security research under the Computer Fraud and Abuse Act.

Now, a prominent bug bounty platform is attempting to build a framework for industry to offer similar protections to researchers who study flaws in AI systems, including fields like AI safety and others that look at unintended behaviors and outputs that can impact security outcomes.

Ilona Cohen, chief legal and policy officer at HackerOne, told CyberScoop the Good Faith AI Research Safe Harbor is meant to build off previous efforts — like the DOJ policy change and the company’s own Gold Standard Safe Harbor framework — that provide wider legal freedom for third-party security researchers to prod and test commercial products and systems for flaws and expand them to the AI realm.

HackerOne previously pushed the DOJ to provide further guidance on how its good faith researcher policy would apply to AI systems. Cohen said the department’s language “provides a lot of clarity and helped security researchers have the comfort to be able to do the testing that’s so important to the backbone of our security industry, [but] it doesn’t necessarily apply to all AI research.”

The DOJ’s policy change in 2022 represented a hard-fought victory following years of advocacy by the cybersecurity community. Without further guidance from DOJ, Cohen said it was important for industry to do the same foundational work around advocacy and governance for AI testing that helped good faith hackers convince the agency that independent researchers are an asset to the broader cybersecurity ecosystem.

Participating companies can attach a “banner” to their HackerOne profile advertising their adoption of the protections, which commit them to, among other things, “refraining from legal action … and supporting researchers if third parties pursue claims related to authorized research.”

Even as the Trump administration signals little interest in safety or security issues around AI systems, other policymakers have said strong protections and guardrails should be one of the key differentiators when convincing other countries to adopt U.S.-made AI systems and models over authoritarian competitors like China. Cohen said it was especially critical to open testing of AI systems when they’re being broadly adopted across society.

“Since AI systems are essentially deploying a lot faster than any of the governance or legal frameworks can keep up, that creates some risk … for all of us when people are reluctant to do testing of AI systems,” Cohen said.

Frontier AI companies like OpenAI and Anthropic have generally kept a tighter grip on their own security research programs.

OpenAI, for instance, runs its own network of third-party red team researchers, vetting and selecting them through an application process. According to the company’s website, red-team engagements are commissioned by OpenAI and can be steered to different researchers at the company’s discretion, with participation from some members as little as five-to-10 hours per year. Researchers can also apply under a separate program that focuses on issues like AI safety and misuse.

Anthropic’s responsible disclosure policy defines “good faith” third-party security research as testing information systems “for the sole purpose” of identifying a reportable vulnerability. As such, researchers are expected to only take actions that are “minimally required to reasonably prove that such potential vulnerability exists” and avoid actual harmful actions, such as exfiltrating or deleting data.

It also requires the researcher to “avoid disclosing the existence of or any details relating to the discovered vulnerability to a third party or to the public” without “notice” from the company.

“We fully support researchers’ right to publicly disclose vulnerabilities they discover,” the terms state. “We ask only to coordinate on the timing of such disclosures to prevent potential harm to our services, customers and other parties.”

Anthropic’s terms also seek to broadly indemnify the company from any negative outcomes related to the use or integration of its products, using all caps to emphasize that it will “EXPRESSLY DISCLAIM” all warranties of fitness its products may have in areas like “ACCURACY, AVAILABILITY, RELIABILITY, SECURITY, PRIVACY, COMPATIBILITY [and] NON-INFRINGEMENT.”

OpenAI and Anthropic did not respond to a request for comment by the time of publication.

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.


