Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards:
- AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
Full details can be found on our bounty program website.
As shared in our bounty year in review blog post last month, we are constantly growing, iterating, and evolving our bounty programs to help Microsoft customers stay ahead of the curve in the ever-changing security landscape and emerging technologies. The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems.
Thank you to all of the security researchers who accepted our invitation to join the security research challenge and to all who partner with us to find and fix vulnerabilities to protect Microsoft customers. Partnering with security researchers through our bug bounty programs is an essential part of Microsoft’s holistic strategy to protect customers from security threats. We value our partnership with the global security research community and are excited to expand our scope to include the AI-powered Bing experience.
Found a vulnerability in the AI-powered Bing experience? Share your findings by submitting a report through the MSRC Researcher Portal.
We are excited to learn and experiment with this new bounty program as our vulnerability management process for vulnerabilities in AI systems continues to get better. If you have any questions about this new program or any other security research incentive program, please email us at bounty@microsoft.com.
Lynn Miyashita, MSRC