HomeWinBuzzer NewsMicrosoft Opens Bing Chat Bug Bounty Program

Microsoft Opens Bing Chat Bug Bounty Program

Microsoft has introduced a bug bounty program for Bing, including the new Bing Chat AI, to help catch vulnerabilities early.

-

has announced a new bug bounty program to reward security researchers who find and report vulnerabilities in its Bing search engine, including the recently launched chatbot. The bug bounty program aims to improve the security and reliability of Bing as the search engine becomes more reliant on AI.

According to Microsoft, Bing handles billions of queries every day across different platforms and devices.

The program offers cash rewards ranging from $500 to $15,000 USD depending on the severity and impact of the vulnerability. The following are examples of vulnerabilities that are eligible for bounty awards:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Server-side code execution
  • Insecure direct object references
  • Insecure deserialization
  • SQL injection
  • XML external entity (XXE) injection
  • Server-side request forgery (SSRF)
  • Information disclosure
  • Authentication bypass
  • Authorization bypass

To participate in the program, researchers need to follow the Microsoft Bounty Terms and Conditions and the Microsoft Cloud Bounty Program Scope. They also need to submit their findings through the MSRC Submission Portal with clear and concise steps to reproduce the vulnerability.

Bing Chat was announced in February and updated in March to support 's GPT-4 . Since its launching, the tool has propelled Bing into the limelight and given the search engine a chance of competing with Google Search after years in the wilderness

OpenAI Recently Launched a ChatGPT Bounty Program

There have been growing concerns that threat actors will target AI and look for weaknesses in models to attack users. OpenAI – Microsoft's multi-billion-dollar partner – has recently debuted its own bug bounty program for ChatGPT.

Anyone can start testing by visiting chat.openai.com/bug-bounty where you will find instructions on how to submit a bug report. While $20,000 is up for grabs, this is the top reward. There is a reward structure that starts at $100.

Microsoft already has several bounty programs across its services, including Azure, Microsoft 365, Xbox, Microsoft Identity,.NET and several more.

Tip of the day: For the most part, Windows apps are stable, but they can still be still thrown out of whack by updates or configuration issues. Many boot their PC to find their Microsoft Store isn't working or their Windows apps aren't opening. Luckily and Windows 10 have an automatic repair feature for apps that can resolve such issues.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News