Microsoft has introduced an AI Bounty Program, offering rewards up to $15,000 to security researchers who uncover vulnerabilities in its AI-driven Bing experience. The program aims to boost security and encourage experts to scrutinize Bing's chatbot and its integration with Microsoft products.
Earning Rewards:
- Researchers globally can earn between $2,000 and $15,000 for valid vulnerability reports.
- Minors aged 14 and up can participate with parental consent.
- Government employees can join, with rewards going to their organizations.
Researchers can analyze AI-powered Bing experiences on Bing.com, Microsoft Edge, Microsoft Start (iOS and Android), and Skype (iOS and Android).
Vulnerabilities must be "critical" or "important," reproducible in the latest product version, and have clear steps for replication.
Responsible Disclosure:
- Researchers should use the MSRC Researcher Portal and specify "Bing" as the category.
- Out-of-scope issues may not qualify for rewards.
Rewards range from $2,000 to $15,000, potentially higher based on severity, and Microsoft also acknowledges researchers whose findings lead to fixes.
Microsoft's AI Bounty Program enhances AI security and promotes collaboration with the cybersecurity community for safer AI products and services.