Microsoft has expanded its bug bounty program for AI by launching an AI bounty program specifically targeting vulnerabilities in its new AI-powered Bing experiences. The program aims to attract security researchers from around the world to discover vulnerabilities within the AI-powered Bing experience [3].
Description
The AI bug-bounty program launched by Microsoft focuses on the Bing generative AI chatbot and AI integrations. The program offers rewards ranging from $2,000 to $15,000 for qualified submissions [1] [2] [5] [9]. Participants must be at least 14 years old and have permission from a legal guardian if they are minors [1] [5] [7]. The scope of the program includes AI-powered Bing on bing.com [1] [2] [5], AI-powered Bing integration in Microsoft Edge [1] [2] [3] [5] [6] [8], AI-powered Bing integration in the Microsoft Start app [1] [2] [3] [5] [6], and AI-powered Bing integration in the Skype Mobile app [1] [2] [5]. The goal of the program is to uncover vulnerabilities that have a significant impact on the security of customers within the AI-powered “Bing experience.” Researchers must ensure that the vulnerability has not been previously reported [1] [5], is of critical or important severity [1] [5], and is reproducible on the latest version of the product [1] [5].
In the past year [6] [7], Microsoft paid $13.8 million in rewards to security researchers who reported 1,180 vulnerabilities across 17 different bug bounty programs [6] [7]. The company has expanded its bug bounty program to include on-premises Exchange [6], SharePoint [6] [7], and Skype for Business [6] [7], and increased the maximum awards for high-impact security flaws reported through the Microsoft 365 program [6].
Conclusion
The AI Bug Bounty program launched by Microsoft rewards individuals for improving the AI-powered Bing experience [4]. The program offers rewards ranging from $2,000 to $15,000 and focuses on enhancing security against emerging vulnerabilities [4]. Microsoft aims to keep its customers updated on evolving tools and security concerns [4]. The AI incentive program is the result of extensive research and development [4], including an AI security research challenge and an update to Microsoft’s vulnerability severity rating for AI systems [4]. Researchers who contribute to the discovery and fixing of vulnerabilities may receive public recognition and points in Microsoft’s researcher recognition program [4].
References
[1] https://www.darkreading.com/vulnerabilities-threats/microsoft-debuts-ai-bug-bounty-program-offers-15k
[2] https://flyytech.com/2023/10/15/microsoft-debuts-ai-bug-bounty-program-offers-15k/
[3] https://www.onmsft.com/news/microsoft-announces-new-ai-bounty-program-for-bing-with-rewards-up-to-15000/
[4] https://cybersecuritynews.com/microsoft-ai-bug-bounty-program/
[5] https://www.threatshub.org/blog/microsoft-debuts-ai-bug-bounty-program-offers-15k/
[6] https://cyber.vumetric.com/security-news/2023/10/12/new-microsoft-bug-bounty-program-focuses-on-ai-powered-bing/
[7] https://www.indiatvnews.com/technology/news/earn-up-to-15-000-for-uncovering-ai-vulnerabilities-in-microsoft-s-bing-experience-2023-10-15-897921
[8] https://www.itpro.com/security/cyber-attacks/microsoft-announces-bing-ai-bug-bounty-with-rewards-of-up-to-dollar15000
[9] https://mspoweruser.com/microsoft-ai-bounty-program-bing-experiences/
