Microsoft Debuts AI Bug-Bounty Program, Offers $15KMicrosoft Debuts AI Bug-Bounty Program, Offers $15K
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.
October 13, 2023
Microsoft has announced its AI bug-bounty program to encourage researchers worldwide to discover vulnerabilities within the Bing generative AI chatbot and AI integrations. Bounty rewards will range from $2,000 to $15,000 for qualified submissions.
Eligible participants must be at least 14 years old, with permission from a legal guardian if they are a minor, and an individual researcher. Should a participant be a public sector employee, the bounty award must go to the public sector organization and be signed by an attorney or executive responsible for its ethics policies.
The scope of the bounty program extends to AI-powered Bing on bing.com, AI-powered Bing integration in Microsoft Edge, AI-powered Bing integration in the Microsoft Start app, and AI-powered Bing integration in the Skype Mobile app. Any vulnerabilities found in these integrations are qualified for submission and are eligible to win a reward.
Microsoft stated that the goal of the program is to uncover vulnerabilities that have a significant impact on the security of its customers within the AI-powered "Bing experience." When submitting a vulnerability, researchers must ensure that it has not been previously reported, is of critical or important severity as per the Microsoft Vulnerability Severity Classification for AI Systems, and is reproducible on the latest version of the product with clear steps as to how to reproduce the vulnerability.
Further directions as to how to get started and enter a submission; specific information on different types of vulnerabilities and the winnings they have the potential to earn; research rules of engagement; and terms and conditions, are listed on Microsoft’s website.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks