ΑΙhub.org
 

Bug bounties for algorithmic harms? – a report from the Algorithmic Justice League


by
09 February 2022



share this:

bug bountiesImage from the report “Bug bounties for algorithmic harms?” Credit: AJL.

Researchers from the Algorithmic Justice League (AJL) have released a report which takes a detailed look at bug bounty programmes (BBPs) and how these could be used to address various kinds of socio-technical problems, including algorithmic harm.

BBPs are mechanisms that incentivize hackers to identify and report cybersecurity vulnerabilities. Hundreds of companies and organizations regularly use BBPs to buy security flaws from hackers. Now, BBPs have been adopted to address a wider spectrum of socio-technical harms and risks beyond security bugs.

However, as report authors Josh Kenway, Camille François, Sasha Costanza-Chock, Inioluwa Deborah Raji, and Joy Buolamwini note, the conditions under which BBPs might constitute appropriate mechanisms for addressing socio-technical concerns remain relatively unexamined.

To compile their report the authors held interviews with BBP experts and practitioners, they reviewed the existing literature, and they analysed historical and present-day approaches to vulnerability disclosure. There were three main lines of enquiry for the team. They considered how BBPs might be used to:

  • Foster and nurture participation and community among researchers
  • Shape field development by fostering the development of resources and methods
  • Drive transparency and accountability across the industry

The five key takeaways from the report are as follows:

  1. Prepare to include socio-technical concerns. Only a few companies/organisations have expanded their current programs to include socio-technical issues, and no clear best-practices have emerged. The report provides recommendations for how to shape BBPs for algorithmic harm discovery and mitigation.
  2. Look across the lifecycle. Bug bounties are just one tool for enhancing cybersecurity. Likewise, BBPs for algorithmic harm will need to be accompanied by other mechanisms in order to assess and act on reports of such harms.
  3. Nurture the community of practice. There is a sense of community within bug bounty platforms with organisations and members sharing educational materials, resources and tools. The authors caution against approaches that exclude those from fields outside of computer science
  4. Intentionally develop a diverse, inclusive community. Successfully deploying BBPs for algorithmic harms will require serious effort to recruit and retain diverse communities of researchers and community advocates, and to ensure fair compensation for work.
  5. Foster and protect participatory, adversarial research, and guarantee some form of public disclosure. Greater protection for third-party algorithmic harms research is needed.

You can find the full pdf version of the report here. This includes more background information, findings and recommendations pertaining to the five key takeaways, interviews with experts, and a case study of Twitter’s recent bias bounty pilot.

Report citation

Kenway, Josh, Camille François, Sasha Costanza-Chock, Inioluwa Deborah Raji, and Joy Buolamwini. Bug Bounties For Algorithmic Harms? Lessons from Cybersecurity Vulnerability Disclosure for Algorithmic Harms Discovery, Disclosure, and Redress. Washington, DC: Algorithmic Justice League. January 2022. Available at https://ajl.org/bugs.




Lucy Smith is Senior Managing Editor for AIhub.
Lucy Smith is Senior Managing Editor for AIhub.




            AIhub is supported by:



Related posts :



monthly digest

AIhub monthly digest: August 2025 – causality and generative modelling, responsible multimodal AI, and IJCAI in Montréal and Guangzhou

  29 Aug 2025
Welcome to our monthly digest, where you can catch up with AI research, events and news from the month past.

Interview with Benyamin Tabarsi: Computing education and generative AI

  28 Aug 2025
Read the latest interview in our series featuring the AAAI/SIGAI Doctoral Consortium participants.

The value of prediction in identifying the worst-off: Interview with Unai Fischer Abaigar

  27 Aug 2025
We hear from the winner of an outstanding paper award at ICML2025.

#IJCAI2025 social media round-up: part two

  26 Aug 2025
Find out what the participants got up to during the main part of the conference.

AI helps chemists develop tougher plastics

  25 Aug 2025
Researchers created polymers that are more resistant to tearing by incorporating stress-responsive molecules identified by a machine learning model.

RoboCup@Work League: Interview with Christoph Steup

  22 Aug 2025
Find out more about the RoboCup League focussed on industrial production systems.

Interview with Haimin Hu: Game-theoretic integration of safety, interaction and learning for human-centered autonomy

  21 Aug 2025
Hear from Haimin in the latest in our series featuring the 2025 AAAI / ACM SIGAI Doctoral Consortium participants.

Congratulations to the #IJCAI2025 distinguished paper award winners

  20 Aug 2025
Find out who has won the prestigious awards at the International Joint Conference on Artificial Intelligence.



 

AIhub is supported by:






 












©2025.05 - Association for the Understanding of Artificial Intelligence