Microsoft recently announced the launch of a new bug bounty program focused on finding vulnerabilities in AI systems, starting with the company's AI-powered Bing chatbot. This "Microsoft AI bug bounty program" offers rewards up to $15,000 for eligible submissions.
The program invites security researchers worldwide to uncover flaws in Bing chat across web, mobile, and enterprise environments. Researchers who provide qualified submissions demonstrating concrete security issues will receive bounties ranging from $2,000 to $15,000. Higher rewards are possible for severe vulnerabilities and high-quality reports.
Even if a researcher's submission doesn't qualify for a monetary award, they might still earn public acknowledgment if their submission contributes to fixing a vulnerability. Such contributors also stand to earn points in the Researcher Recognition Program, which can lead to enticing swag and a spot on the prestigious Microsoft Most Valuable Researcher list.
Microsoft unveiled this AI-specific bounty at their recent BlueHat security conference. It comes on the heels of their AI vulnerability classification system introduced last month, which helps standardize severity ratings for AI security issues.
The tech giant has been ramping up efforts to secure AI systems in light of the recent explosion in generative AI. Bing chat is the first target, given its visibility and wide availability across Microsoft products. The bounty program's scope may expand over time.
Submissions are eligible for bounty rewards if they:
- Identify a unique vulnerability in AI-powered Bing, previously unknown to Microsoft.
- Demonstrate a Critical or High severity vulnerability, as defined in Microsoft's AI vulnerability classification system.
- Include clear, reproducible steps documented in writing or video format.
- Provide sufficient information for engineers to quickly reproduce, understand, and resolve the vulnerability.

In a blog post, Microsoft said partnering with researchers is essential for "protecting customers from security threats" as AI becomes more prevalent. However, they noted this is a learning process as vulnerability management for AI continues to mature.
The launch of this focused AI bounty represents the company's latest investment in emerging tech security. It encourages responsible disclosure of Bing chat flaws to improve system resilience before malicious actors uncover them. Overall, the program emphasizes Microsoft's commitment to security in AI-powered products.