Microsoft today announced the launch of the
Microsoft AI bounty program that will reward people who discover vulnerabilities in the new AI-powered Bing experience. The bounty rewards range from $2,000 to $15,000 USD. The following products and services are eligible for this new bounty program:
• AI-powered Bing experiences on bing.com in Browser (All major browser vendors are supported, including
Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
• AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
• AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
• AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
If you can identify vulnerabilities in the below area, Microsoft will reward you based on the severity.
• Influencing and changing Bing’s chat behavior across user boundaries, i.e. change the AI in ways that
impact all other users.
• Modifying Bing’s chat behavior by adjusting client and/or server visible configuration, such as setting debug
flags, changing feature flags, etc.
• Breaking Bing’s cross-conversation memory protections and history deletion.
• Revealing Bing’s internal workings and prompts, decision-making processes, and confidential information.
• Bypassing Bing’s chat mode session limits and/or restrictions/rules.
Bounties will be rewarded based on the vulnerability severity as per the table below:
“The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems,” wrote the MSRC team.
source
