October 13, 2023 at 06:18AM
Microsoft has launched a bug bounty program specifically focused on vulnerabilities in its artificial intelligence (AI)-powered Bing search engine. The program offers rewards of up to $15,000 for vulnerabilities found in bing.com and associated applications. Microsoft is particularly interested in vulnerabilities related to inference manipulation, model manipulation, and inferential information disclosure. Submissions should be made through the MSRC Researcher Portal with clear details on the bug and steps to reproduce it. Vulnerabilities in Bing-related online services are not covered by the program but can be considered under the M365 Bounty Program.
Microsoft has launched a new bug bounty program focused on artificial intelligence (AI), specifically AI-powered Bing. The program offers rewards of up to $15,000 for vulnerabilities found in bing.com, the Bing integration in Edge, Microsoft Start Application, and the Skype mobile applications. The scope of the program includes AI-powered Bing experiences on bing.com, such as Bing Chat, Bing Chat for Enterprise, and Bing Image Creator. Vulnerabilities in the Edge browser on Windows, as well as iOS and Android applications, are also within the scope. Microsoft is particularly interested in reports describing inference manipulation, model manipulation, inferential information disclosure vulnerabilities, bugs that influence or modify Bing’s chat behavior, and more. Bug bounty rewards range from $2,000 to $15,000, with higher rewards possible based on severity and impact. To be eligible, vulnerabilities must be previously unreported and reproduceable in the latest patched version of the product. Reports should include clear details on the bug and steps to reproduce, and submissions should be made through the MSRC Researcher Portal. Vulnerabilities in Bing-related online services are not part of this program but may be considered under the M365 Bounty Program. For more information, please visit the AI-powered Bing bug bounty program page.