Microsoft introduced a bug bounty program with rewards of up to $15,000 to encourage the identification of vulnerabilities in AI systems, thereby enhancing AI safety through external security evaluations.
Initially, this program will encompass AI-driven functionalities within Bing, such as Bing Chat, Bing Image Creator, and Bing integrations found in Microsoft Edge, the Microsoft Start app, and Skype.
This new bounty initiative was emphasized during a presentation at the BlueHat security conference. Its purpose is to motivate security researchers to discover defects and weaknesses in Microsoft’s AI products prior to potential malicious exploitation.
Microsoft stated in its announcement:
“As detailed in our recent review blog post for our bounty programs, we continually expand, refine, and adapt these initiatives to assist Microsoft customers in staying well-prepared for the evolving security environment and emerging technologies.”
Microsoft Expands Bounty Program to Include AI
Microsoft has expanded its bounty program to include AI. The expansion builds on an existing program that has awarded researchers over $13 million.
The terms of the bounty program dictate that qualifying vulnerabilities must adhere to Microsoft’s criticality standards and include explicit steps for reproducibility.
The evaluation process will consider the technical severity of the problem and the quality of the report.
The minimum reward for identifying a moderately serious flaw is set at $2,000, with potential sums rising to $15,000 for critical vulnerabilities. In cases where the identified issue has a substantial impact on customers, Microsoft may consider higher rewards at its discretion.
How to Participate?
For researchers interested in joining, the process involves submitting vulnerabilities through the Microsoft Security Response Center portal.
Microsoft encourages researchers to test ethically using test accounts, and emphasizes the importance of avoiding any exposure of customer data or disruption of services.
It’s important to note that the program is exclusively concerned with technical vulnerabilities related to AI-powered Bing experiences.
The program also restricts certain actions, such as unauthorized data access, going beyond a proof-of-concept demonstration for server-side issues, and generating excessive traffic through automated tests.
Microsoft’s AI bug bounty program reflects the growing industry emphasis on detecting and properly reporting vulnerabilities in AI systems to prevent potential misuse.
Although presently restricted to Bing’s AI functions, the scope of these rewards may expand in the future as Microsoft further develops and enhances its AI capabilities.