Microsoft’s New AI Bug Bounty Program Has Rewards Up To $15K
Microsoft launched a bug bounty program offering rewards of up to $15,000 for finding vulnerabilities in AI systems, aiming to enhance AI security through external security testing.
The initial scope of the program will cover the AI-powered features in Bing, including Bing Chat, Bing Image Creator, and Bing integrations in Microsoft Edge, the Microsoft Start app, and Skype.
The company highlighted this new bounty program in a presentation at the BlueHat security conference. It aims to incentivize security researchers to find bugs and flaws in Microsoft’s AI products before malicious actors can exploit them.
Microsoft states in an announcement:
“As shared in our bounty year in review blog post last month, we’re constantly growing, iterating, and evolving our bounty programs to help Microsoft customers stay ahead of the curve in the ever-changing security landscape and emerging technologies.”
Microsoft’s Bounty Program Expands to Include AI
Microsoft’s new bounty program is an extension of an existing program, which has awarded over $13 million to researchers. It comes after the company recently updated its vulnerability severity ratings for AI systems and held an AI security research challenge.
According to the bounty program’s terms, eligible vulnerabilities should meet Microsoft’s criticality thresholds, be previously unreported, and include clear, reproducible steps.
Submissions will be judged on technical severity as well as the quality of the report.
The minimum bounty payment is $2,000 for a moderate-severity flaw, ranging up to $15,000 for critical vulnerabilities. Higher rewards are possible at Microsoft’s discretion for issues with significant customer impact.
How To Participate
Researchers interested in participating can submit vulnerabilities through the Microsoft Security Response Center portal.
Microsoft advises ethical bounty hunting using test accounts while avoiding customer data exposure or denial of service.
The program’s scope is limited to technical vulnerabilities in the AI-powered Bing experiences. Some activities aren’t allowed, such as accessing data that doesn’t belong to you, exploiting server-side issues beyond demonstrating proof of concept, and running automated tests that generate a lot of traffic.
Microsoft’s AI bug bounty program signals a broader industry focus on identifying and responsibly disclosing vulnerabilities in AI systems before they can be exploited.
While limited to Bing’s AI features, the bounties may expand later as Microsoft builds out and secures more AI capabilities.
Featured Image: Andrii Yalanskyi/Shutterstock