Trend Micro hosts Pwn2Own Ireland to tackle AI risks

Trend Micro has announced the hosting of a contest - dubbed Pwn2Own Ireland - to uncover vulnerabilities in AI-enabled consumer devices.

The contest, supported by Meta, Synology, and QNAP, invites global hackers to identify exploits in AI-driven hardware and software commonly used in consumer products. The initiative seeks to mitigate potential threats posed by such devices, particularly as they increasingly find their way onto enterprise networks amid rising remote work trends.

Mick McCluney, ANZ Field CTO at Trend Micro, highlighted the evolving landscape of enterprise security, stating, "Enterprise security now extends beyond corporate devices. Remote work, bring-your-own-device policies, and sprawling corporate networks have expanded the attack surface, making home-based devices prime targets for cybercriminals. To proactively address this complex challenge, we remained committed to our bug bounty programs like Pwn2Own where researchers are rewarded to find vulnerabilities before attackers exploit them, safeguarding both our enterprise customers and the entire industry."

The proliferation of AI technologies carries both significant potential and risk. With generative AI tools becoming increasingly prevalent, new avenues for cyber threats have emerged, including threats to cloud infrastructures and data security, as well as the production of deepfakes for fraudulent purposes. Consumer devices equipped with AI can pose security threats even without direct connections to business networks, as information used by AI can be stored independently.

The Zero Day Initiative of Trend Micro, which is orchestrating the contest, offers financial incentives for researchers who successfully identify vulnerabilities across seven categories: Mobile Phones, Messenger Apps, The SOHO (Small Office/Home Office) Smashup, Surveillance Systems, Home Automation Hubs, Printers, Smart Speakers, and Network Attached Storage (NAS) Devices. The insights garnered will be incorporated into Trend Micro's threat intelligence in real time, utilising AI in both offensive and defensive capacities.

Dustin Childs, Head of Threat Awareness at Trend Micro's Zero Day Initiative, commented on the significance of addressing vulnerabilities swiftly: "Rapid adoption of AI tools combined with widespread use of consumer devices on enterprise networks is presenting organisations around the world with the challenge of reducing risks that they can't easily oversee. Vulnerabilities in these devices and programs are inevitable, but we're here to find them before threat actors do. In doing so, we reduce risk for all parties - employees, enterprises, partners, and the public - without having to place a greater burden on security staff or budgets."

To tackle the varied threats facing global enterprises, Trend Micro continues to enhance its Trend Vision One platform. Enhancements for 2024 include pioneering security solutions for AI services, detection capabilities for deepfake content, and expanded protection for AI-related infrastructures and deployments in both corporate and governmental environments.

Trend Micro maintains a stance on responsible AI practices, emphasising that security vendors should ensure ethical, transparent, and accountable development and deployment of technologies. The Pwn2Own Ireland event took place in Cork from October 22-25, 2024.