Article Details
Scrape Timestamp (UTC): 2023-10-12 17:31:22.669
Original Article Text
Click to Toggle View
New Microsoft bug bounty program focuses on AI-powered Bing. Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. With the AI-powered Bing experience as the first in-scope product for the new bug bounty program, security researchers can submit vulnerabilities found in the following list of eligible services and products: "The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000 USD," Microsoft explains on the AI bounty program's website. "Submissions identifying vulnerabilities in Bing related online services will be considered under the M365 Bounty Program. All submissions are reviewed for bounty eligibility, so don't worry if you aren't sure where your submission fits." Besides issues outlined in Microsoft's Vulnerability Severity Classification for AI Systems, researchers are also encouraged to report vulnerabilities that result in: The company also highlighted a long list of issues and vulnerability types that are out of scope, including ones that would only affect the attacker, some model hallucination attacks, inaccurate or offensive chat responses, and more. "Partnering with security researchers through our bug bounty programs is an essential part of Microsoft's holistic strategy to protect customers from security threats," said MSRC Technical Program Manager Lynn Miyashita. "We value our partnership with the global security research community and are excited to expand our scope to include the AI-powered Bing experience." In a recent bounty year-in-review blog post, Microsoft said it paid $13.8 million in rewards to 345 security researchers worldwide who reported 1,180 vulnerabilities across 17 different bug bounty programs. Last year, the company added on-premises Exchange, SharePoint, and Skype for Business to its bug bounty program and increased the maximum awards for high-impact security flaws reported through the Microsoft 365 program.
Daily Brief Summary
Microsoft has initiated a new bug bounty program, focusing on discovering vulnerabilities in its AI-driven Bing experience to strengthen its security.
Security researchers worldwide are invited to participate, with rewards for qualifying submissions ranging from $2,000 to $15,000 USD.
Besides the issues listed in Microsoft's Vulnerability Severity Classification for AI Systems, other vulnerability types are welcome, excluding a few that are declared 'out of scope'.
Microsoft has confirmed that this bounty program is a part of its comprehensive approach to safeguarding its customers against security threats.
During a recent bounty year-in-review, Microsoft revealed it paid a total of $13.8 million to 345 security researchers globally, who reported 1,180 vulnerabilities across 17 bug bounty programs.
Last year, Microsoft added on-premises Exchange, SharePoint, Skype for Business to its bug bounty program, and increased the top rewards for high-impact security flaws reported through the Microsoft 365 program.