Exciting news arrives from the US tech giant, Microsoft, as they unveil their AI bug bounty program designed to detect vulnerabilities within their newly launched AI-driven Bing services and affiliated applications. The incentive for security researchers globally is an attractive reward, with opportunities to earn up to $15,000, which amounts to approximately Rs 12,51,347.
Microsoft Launches Global AI Bug Bounty to Boost Bing’s Security
Microsoft’s primary objective with this program is to stimulate researchers worldwide to seek out potential weaknesses in the Bing chatbot and various AI integrations that accompany it. In their official announcement, Microsoft stated, “The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000.”
This program casts a wide net, welcoming security researchers irrespective of their level of experience or geographical location. Researchers can present their findings through the Microsoft Security Research Center (MSRC) portal, providing a streamlined process for reporting vulnerabilities.
Wide-reaching Scope – Microsoft’s AI Bounty Program Targets AI-Powered Bing Security
The scope of this bounty program encompasses vulnerabilities within several products and integrations:
AI-powered Bing experiences on bing.com in web browsers, accommodating all major vendors. These include Bing Chat, Bing Chat for Enterprise, and Bing Image Creator.
AI-powered Bing integration in Microsoft Edge for Windows, which also includes Bing Chat for Enterprise.
AI-powered Bing integration within the Microsoft Start Application for iOS and Android.
AI-powered Bing integration in the Skype Mobile Application for iOS and Android.
This wide-ranging scope ensures that any vulnerabilities discovered within these integrations are eligible for submission and, consequently, in contention for a reward.
Microsoft has set forth particular eligibility criteria for bug submissions. For a bug to qualify for a bounty, it must be a novel discovery not previously reported to Microsoft. Furthermore, the vulnerability should be of critical or significant severity, conforming to the “Microsoft Vulnerability Severity Classification for AI Systems.” It must be replicable on the most recent, fully updated version of the respective product or service.
In addition to these criteria, submitters need to provide precise steps to recreate the bug and should be at least 14 years old. If the researcher is a minor, they must have legal guardian consent to participate.
Microsoft’s ultimate objective with this AI bounty program is to uncover significant vulnerabilities within the innovative AI-driven Bing experience, vulnerabilities that directly and demonstrably impact the security of their customers.
