Security researchers can pocket financial rewards in the new Microsoft AI Bounty Program

Microsoft mirror building logo

Microsoft now has a bug bounty program that aims to find issues in artificial intelligence. Specifically, the Microsoft AI Bounty Program is focused on tracking down vulnerabilities in the company’s own AI-powered "Bing experience". This catch-all term covers a surprising number of products and services.

Interestingly, with this bounty program Microsoft is only offering rewards for the discovery of vulnerabilities considered Critical or Important. Those that are deemed of Moderate or Low severity will go unrewarded.

See also:

With rewards of up to $15,000 available, the incentive for security researchers to get involved and help Microsoft to improve its products and services is fairly strong. While the focus on the AI-powered Bing experience may sound a little narrow -- not that this would necessarily be cause for complaint or concern -- Microsoft explains the full range of what is eligible:

  • AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)  
  • AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise 
  • AI-powered Bing integration in the Microsoft Start Application (iOS and Android)   
  • AI-powered Bing integration in the Skype Mobile Application (iOS and Android)

There is scope for higher payments for particularly severe bug discoveries, but Microsoft warns that this is entirely at its discretion.

The company also says that there is potential that other payment discoveries, specifically "individual and/or chains of vulnerabilities that lead to concrete outcomes within these attack domains" would be considered. This includes:

  • Influencing and changing Bing’s chat behavior across user boundaries, i.e. change the AI in ways that impact all other users.
  • Modifying Bing’s chat behavior by adjusting client and/or server visible configuration, such as setting debug flags, changing feature flags, etc.
  • Breaking Bing’s cross-conversation memory protections and history deletion.
  • Revealing Bing’s internal workings and prompts, decision making processes and confidential information.
  • Bypassing Bing’s chat mode session limits and/or restrictions/rules. 

Full details of the Microsoft AI Bounty Program can be found here.

Image credit: liorpt / depositphotos

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.