New Microsoft bug bounty program focuses on AI-powered Bing

October 12, 2023 at 01:36PM

Microsoft has introduced a new AI bounty program for the AI-driven Bing experience, offering rewards up to $15,000. The program covers vulnerabilities found in AI-powered Bing experiences across various services and products, including bing.com, Microsoft Edge, Microsoft Start Application, and Skype Mobile Application. Qualified submissions are eligible for bounty rewards ranging from $2,000 to $15,000 USD. Microsoft paid $13.8 million in rewards to security researchers in the past year.

Key Takeaways:

– Microsoft has announced a new AI bounty program focused on the AI-driven Bing experience, offering rewards up to $15,000.
– Security researchers can submit vulnerabilities found in eligible services and products such as AI-powered Bing experiences on bing.com, AI-powered Bing integration in Microsoft Edge, Microsoft Start Application, and the Skype Mobile Application.
– The AI bounty program offers rewards ranging from $2,000 to $15,000 USD based on vulnerability type, report quality, and severity.
– Vulnerability types identified include Inference Manipulation, Model Manipulation, and Inferential Information Disclosure.
– Researchers are encouraged to report vulnerabilities that result in altering Bing’s chat behavior, adjusting client and server visible configurations, bypassing safeguards, disclosing internal mechanisms and prompts, and circumventing limitations and rules.
– Some issues and vulnerability types are out of scope, such as attacks that only affect the attacker, model hallucinations, inaccurate or offensive chat responses, and more.
– Microsoft paid $13.8 million in rewards to 345 security researchers worldwide who reported 1,180 vulnerabilities across 17 different bug bounty programs in the previous year.
– In the previous year, Microsoft added on-premises Exchange, SharePoint, and Skype for Business to its bug bounty program and increased the maximum awards for high-impact security flaws reported through the Microsoft 365 program.
