Microsoft has just announced a new bug bounty program, where developers who find bugs and issues could get money for their efforts. This time, the program centers on finding bugs in Microsoft's Bing AI services and apps.
In a blog post on the Microsoft Security Response Center site, the company outlined the specific AI services that will be a part of the new bug bounty program:
- AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
Microsoft says this new program is a result of a number of "key investments and learnings over the last few months." These improvements have included a new update for the company's vulnerability severity classification specifically for its AI services, along with an AI security research challenge.
On another page on the MSRC site, Microsoft goes over the submission requirements for the new Bing AI bug bounty program. Basically, developers must report a bug that has not been discovered or reported previously to Microsoft, and have the bug be rated as Critical or Important in terms of its severity. The developer or security researcher must also show the specific steps to recreate the bug.
The bug bounty reward amounts, based on the severity and report quality of the developer, will range from between $2,000 to $15,000. That being said, Microsoft does state that even higher bug bounty rewards could be sent out.
The blog post added:
Partnering with security researchers through our bug bounty programs is an essential part of Microsoft’s holistic strategy to protect customers from security threats. We value our partnership with the global security research community and are excited to expand our scope to include the AI-powered Bing experience.
More info on the Bing AI bug bounty program can be found at this FAQ page.
4 Comments - Add comment