Microsoft announces AI bug bounty programme, offers up to $15K reward

Microsoft has announced an AI bug bounty programme featuring the AI-powered Bing experience as the first in-scope product, with awards up to $15,000.

The programme is to encourage researchers around the world to find vulnerabilities within the Bing chatbot and AI integrations.

 

“The Microsoft AI bounty programme invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000,” Microsoft explains on the AI bounty programme’s website.

 

The other products and integrations that are eligible for bounty awards are AI-powered Bing integration in Microsoft Edge, AI-powered Bing integration in the Microsoft Start app, and AI-powered Bing integration in the Skype Mobile app.

 

Any vulnerabilities found in these integrations are qualified for submission and are eligible to win a reward.

 

Microsoft said that the “goal of the AI bounty programme is to uncover significant vulnerabilities in the new, innovative, AI-powered Bing experience that have a direct and demonstrable impact on the security of our customers”.

 

Applicants must be at least 14 years old and have permission from a legal guardian if they are minors.

 

Meanwhile, Microsoft stated in a recent bounty year-in-review blog post that it awarded $13.8 million in incentives to 345 security researchers from around the world who identified 1,180 vulnerabilities across 17 distinct bug bounty programmes.

 

As part of its bug bounty programme last year, Microsoft added Exchange on-premises, SharePoint, and Skype for Business, as well as increased the maximum awards for high-impact security flaws reported via the Microsoft 365 platform.