Microsoft has announced a new bug bounty program to reward security researchers who find and report vulnerabilities in its Bing search engine, including the recently launched Bing Chat AI search chatbot. The bug bounty program aims to improve the security and reliability of Bing as the search engine becomes more reliant on AI.
According to Microsoft, Bing handles billions of queries every day across different platforms and devices.
The program offers cash rewards ranging from $500 to $15,000 USD depending on the severity and impact of the vulnerability. The following are examples of vulnerabilities that are eligible for bounty awards:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Server-side code execution
- Insecure direct object references
- Insecure deserialization
- SQL injection
- XML external entity (XXE) injection
- Server-side request forgery (SSRF)
- Information disclosure
- Authentication bypass
- Authorization bypass
To participate in the program, researchers need to follow the Microsoft Bounty Terms and Conditions and the Microsoft Cloud Bounty Program Scope. They also need to submit their findings through the MSRC Submission Portal with clear and concise steps to reproduce the vulnerability.
Bing Chat was announced in February and updated in March to support OpenAI's GPT-4 generative AI. Since its launch, the tool has propelled Bing into the limelight and given the search engine a chance of competing with Google Search after years in the wilderness.
OpenAI Recently Launched a ChatGPT Bounty Program
There have been growing concerns that threat actors will target AI and look for weaknesses in models to attack users. OpenAI – Microsoft's multi-billion-dollar partner – has recently debuted its own bug bounty program for ChatGPT.
Anyone can start testing ChatGPT by visiting chat.openai.com/bug-bounty, where you will find instructions on how to submit a bug report. The reward structure starts at $100, and the top reward is $20,000.
Microsoft already has several bounty programs across its services, including Azure, Microsoft 365, Xbox, Microsoft Identity, .NET and several more.