Microsoft has unveiled a new bug bounty program focused on the AI-powered Bing experience, offering researchers rewards of up to $15,000.
Under the new Bing bug bounty program, security researchers can report vulnerabilities discovered in the following services and products:
- AI-powered Bing experiences on bing.com in the browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration on Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration on Microsoft Start Application (iOS and Android)
- AI-powered Bing integration on Skype Mobile Application (iOS and Android)
“Microsoft’s AI bug bounty program welcomes security researchers from across the globe to unearth vulnerabilities within the cutting-edge Bing experience powered by Artificial Intelligence. Microsoft, in its explanation, highlights that certified submissions can earn rewards ranging from $2,000 to $15,000 USD.”
“Submissions pinpointing vulnerabilities in online services associated with Bing will be evaluated within the context of the M365 Bounty Program. Microsoft reassures all participants that each submission undergoes eligibility screening for potential rewards, regardless of whether you’re uncertain about its alignment with a specific program.”
Furthermore, researchers are encouraged to report vulnerabilities that lead to:
- Modifying Bing’s chat behavior beyond individual user parameters, potentially impacting a wider user base.
- Tailoring Bing’s chat behavior by altering visible client and/or server configurations, which includes adjustments to debug and feature flags.
- Circumventing Bing’s safeguards pertaining to cross-conversation memory and history deletion.
- Disclosing internal mechanisms, decision-making processes, and insider information of Bing.
- Evading restrictions and regulations in Bing chat mode sessions.
The company has also delineated an extensive list of issues and categories of vulnerabilities that fall outside the program’s purview, thus providing clear guidelines for researchers.
Lynn Miyashita, the Technical Program Manager at MSRC, emphasized the significance of collaborating with security researchers within Microsoft’s comprehensive strategy to safeguard customers from security threats, underscoring the importance of the new Bing bug bounty program.
In a recent announcement, Microsoft disclosed that it awarded a total of $13.8 million in rewards to 345 security researchers worldwide who reported 1,180 vulnerabilities across 17 distinct bug bounty programs.
Bug bounty programs are an evolving strategy within the cybersecurity domain, designed to bolster the security of contemporary systems against cyber threats. These initiatives operate on the premise of “attack to enhance protection” and provide incentives for uncovering vulnerabilities within systems.
In essence, bug bounty programs play a pivotal role in bolstering cybersecurity for the following reasons:
- They furnish an additional layer of defense against attacks, addressing vulnerabilities that may have been inadvertently ignored or misunderstood by a company’s in-house security teams.
- They demonstrate that even the most stringent security measures can have vulnerabilities, underscoring the imperative for ongoing enhancement and vigilance.
- They assist businesses in gaining a more comprehensive understanding of security threats by scrutinizing the empirical, technical, and strategic dimensions of cybersecurity.
Hence, bug bounty programs, such as the one centered on Bing, make a substantial contribution to the security of the digital realm by fostering and mobilizing research efforts.