Microsoft launches AI bounty program to find vulnerabilities in the new AI-powered Bing experiences
2 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Microsoft today announced the launch of the Microsoft AI bounty program that will reward people who discover vulnerabilities in the new AI-powered Bing experience. The bounty rewards range from $2,000 to $15,000 USD. The following products and services are eligible for this new bounty program:
- AI-powered Bing experiences on bing.com in Browser (All major browser vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
If you can identify vulnerabilities in the below area, Microsoft will reward you based on the severity.
- Influencing and changing Bing’s chat behavior across user boundaries, i.e. change the AI in ways that impact all other users.
- Modifying Bing’s chat behavior by adjusting client and/or server visible configuration, such as setting debug flags, changing feature flags, etc.
- Breaking Bing’s cross-conversation memory protections and history deletion.
- Revealing Bing’s internal workings and prompts, decision making processes and confidential information.
- Bypassing Bing’s chat mode session limits and/or restrictions/rules.
Bounties will be rewarded based on the vulnerability severity as per the table below:
Vulnerability Type | Report Quality | Severity | |||
---|---|---|---|---|---|
Critical | Important | Moderate | Low | ||
Inference Manipulation | High
Medium Low |
$15,000
$10,000 $6,000 |
$6,000
$3,000 $2,000 |
$0 | $0 |
Model Manipulation | High
Medium Low |
$15,000
$10,000 $6,000 |
$6,000
$3,000 $2,000 |
$0 | $0 |
Inferential Information Disclosure | High
Medium Low |
$15,000
$10,000 $6,000 |
$6,000
$3,000 $2,000 |
$0 | $0 |
“The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems,” wrote MSRC team.
User forum
1 messages