"Microsoft Offers Up to $15,000 in New AI Bug Bounty Program"
Microsoft recently announced the launch of a new bug bounty program focused on artificial intelligence. The program, which initially focuses on AI-powered Bing, offers rewards of up to $15,000 for vulnerabilities in bing.com in browsers, Bing integration in Edge, Microsoft Start Application, and the Skype mobile applications. Microsoft noted that any vulnerabilities in the AI-powered Bing experiences on bing.com, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator, are within the scope of the program. For AI-powered Bing integrations, Microsoft is looking for vulnerabilities in the Edge browser on Windows (including Bing Chat for Enterprise) and in iOS and Android applications. Microsoft noted that it is looking for reports describing inference manipulation, model manipulation, and inferential information disclosure vulnerabilities. It will also accept reports on bugs and vulnerability chains that influence or modify Bing’s chat behavior, break Bing’s cross-conversation memory protections, reveal Bing’s internal workings and prompts, and bypass Bing’s chat mode session limits. According to the tech giant, while bug bounty rewards range from $2,000 to $15,000, higher rewards may also be earned based on the vulnerability’s severity and impact and on the submission’s quality. Microsoft noted that to be eligible, submissions should identify previously unreported critical or important vulnerabilities in the AI-powered Bing that can be reproduced in the latest, patched version of the product or service and should include clear details on the bug and the steps to reproduce. Participating security researchers must submit their reports through the MSRC Researcher Portal in the Bing section, include the conversation ID, and describe the attack vector.
SecurityWeek reports: "Microsoft Offers Up to $15,000 in New AI Bug Bounty Program"