Microsoft has expanded its bug bounty program for AI by launching an AI bounty program specifically targeting vulnerabilities in its new AI-powered Bing experiences. The program aims to attract security researchers from around the world to discover vulnerabilities within the AI-powered Bing experience [3].


The AI bug-bounty program launched by Microsoft focuses on the Bing generative AI chatbot and AI integrations. The program offers rewards ranging from $2,000 to $15,000 for qualified submissions [1] [2] [5] [9]. Participants must be at least 14 years old and have permission from a legal guardian if they are minors [1] [5] [7]. The scope of the program includes AI-powered Bing on [1] [2] [5], AI-powered Bing integration in Microsoft Edge [1] [2] [3] [5] [6] [8], AI-powered Bing integration in the Microsoft Start app [1] [2] [3] [5] [6], and AI-powered Bing integration in the Skype Mobile app [1] [2] [5]. The goal of the program is to uncover vulnerabilities that have a significant impact on the security of customers within the AI-powered “Bing experience.” Researchers must ensure that the vulnerability has not been previously reported [1] [5], is of critical or important severity [1] [5], and is reproducible on the latest version of the product [1] [5].

In the past year [6] [7], Microsoft paid $13.8 million in rewards to security researchers who reported 1,180 vulnerabilities across 17 different bug bounty programs [6] [7]. The company has expanded its bug bounty program to include on-premises Exchange [6], SharePoint [6] [7], and Skype for Business [6] [7], and increased the maximum awards for high-impact security flaws reported through the Microsoft 365 program [6].


The AI Bug Bounty program launched by Microsoft rewards individuals for improving the AI-powered Bing experience [4]. The program offers rewards ranging from $2,000 to $15,000 and focuses on enhancing security against emerging vulnerabilities [4]. Microsoft aims to keep its customers updated on evolving tools and security concerns [4]. The AI incentive program is the result of extensive research and development [4], including an AI security research challenge and an update to Microsoft’s vulnerability severity rating for AI systems [4]. Researchers who contribute to the discovery and fixing of vulnerabilities may receive public recognition and points in Microsoft’s researcher recognition program [4].