Microsoft announces new US$15,000 AI bug bounty program

The Redmond software giant is offering bug hunters a tasty prize for working on stamping out vulnerabilities in a range of Bing-based applications.

Microsoft is hoping the bounty will motivate security researchers to find vulnerabilities in the following products, all related to “AI-powered Bing integration” and “AI-powered Bing experiences” – Bing.com inside a browser, in Microsoft Edge in particular, in the Microsoft Start application, and in Skype.

Vulnerabilities in other Bing-related services could also be considered under Microsoft’s M365 Bounty Program.

“All submissions are reviewed for bounty eligibility, so don’t worry if you aren’t sure where your submission fits,” Microsoft said in an announcement. “We will route your report to the appropriate program.”

============

To be eligible for for a bounty, presented vulnerabilities must meet the following criteria:

The vulnerability must be one heretofore unknown.
Vulnerabilities must be rated as either critical or important under Microsoft’s vulnerability severity classification for AI systems rating and must be reproducible.
Include concise steps for such reproduction.

“Bounty awards range from US$2,000 up to US$15,000,” Microsoft said. 

“Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. Eligible submissions will be awarded the single highest qualifying award.”

Vulnerabilities can be submitted via the MSRC Researcher Portal.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.