Bing introduces a new AI bug bounty program with rewards of up to $15,000
Microsoft has announced a new bug bounty program for vulnerabilities affecting Bing AI. The company is offering rewards ranging from $2,000 to $15,000 to anyone who can identify a flaw that lets them alter the behavior of the chatbot.
An example of a vulnerability would be using prompt engineering to trick the chatbot into revealing confidential information stored within the system or bypassing the chatbot’s security policies. Reports that expose vulnerabilities in inference manipulation, model manipulation, or inferential information disclosure are considered critical and carry the top reward.
The bug bounty program covers any AI-powered Bing integration in Microsoft Edge, the bing.com website (regardless of browser), the Microsoft start menu, or the Skype app.
Because Bing-powered AI services are the foundation of Microsoft’s Copilot AI offering, the bounty program is a strategic move that will help strengthen the security posture of that offering.
The use of Bing AI to facilitate phishing attacks or to create automated tools for DDoS attacks is not recognized as a vulnerability in the program.
Microsoft already runs a series of bug bounty programs for its other products, including Microsoft Teams, Microsoft 365 and Azure.
Top companies employ this strategy to identify vulnerabilities in their systems that could otherwise be exploited by cybercriminals. Just recently, Google awarded a record-breaking bounty of $605,000 to a researcher who found a flaw in the Android OS.