Microsoft has recently launched a bounty bug program, specifically targeting its Bing AI service, which includes Bing Chat and Bing Image Creator, as an effort to identify and rectify software bugs. The tech giant is inviting developers and security researchers worldwide to participate in this program and will compensate them for their efforts.
Incentives and Conditions of the AI Bug Hunt
Under the guidelines issued by Microsoft's Security Response Center (MSRC), those participating should report bugs or issues that have not been previously identified or reported to the company. The bug in question should also fall under the “Critical” or “Important” category based on its severity. Participants also must illustrate the step-by-step procedure to reproduce the identified bug. The chartered reward for the reported bugs varies according to their severity as well as the quality of the report submitted by the developer. The range of the bounty prize lies between $2,000 and $15,000, with Microsoft stating the possibility of higher rewards under unspecified criteria.
This initiative is a subsequent move, taken after making substantial investments and taking key learnings into consideration over the past few months. This formed part of the improvements made by the company, which also saw a new update for its vulnerability severity classification specifically for AI services, that complemented an AI security research challenge.
Collaboration as a Part of Microsoft's Security Strategy
In the official blog post, Microsoft expressed appreciation for the assistance of security researchers through its bug bounty programs. The company claims that such collaborations are a crucial element of their overall strategy intended to protect their customers against security threats. They iterated their excitement about expanding the scope of these programs, with the inclusion of the Bing AI experience in its realm. Additional information regarding the Bing AI bug bounty program can be found provided on an FAQ page online.
