Microsoft Debuts AI Bug-Bounty Program, Offers $15K

Microsoft has announced its AI bug-bounty program to encourage researchers worldwide to discover vulnerabilities within the Bing generative AI chatbot and AI integrations. Bounty rewards will range from $2,000 to $15,000 for qualified submissions.

Eligible participants must be at least 14 years old, with permission from a legal guardian if they are a minor, and an individual researcher. Should a participant be a public sector employee, the bounty award must go to the public sector organization and be signed by an attorney or executive responsible for its ethics policies. 

The scope of the bounty program extends to AI-powered Bing on bing.com, AI-powered Bing integration in Microsoft Edge, AI-powered Bing integration in the Microsoft Start app, and AI-powered Bing integration in the Skype Mobile app. Any vulnerabilities found in these integrations are qualified for submission and are eligible to win a reward.

Microsoft stated that the goal of the program is to uncover vulnerabilities that have a significant impact on the security of its customers within the AI-powered "Bing experience." When submitting a vulnerability, researchers must ensure that it has not been previously reported, is of critical or important severity as per the Microsoft Vulnerability Severity Classification for AI Systems, and is reproducible on the latest version of the product with clear steps as to how to reproduce the vulnerability. 

Further directions as to how to get started and enter a submission; specific information on different types of vulnerabilities and the winnings they have the potential to earn; research rules of engagement; and terms and conditions, are listed on Microsoft’s website.