Connect with us

Hi, what are you looking for?


Artificial Intelligence

Microsoft Offers Up to $15,000 in New AI Bug Bounty Program

Microsoft is offering rewards of up to $15,000 in a new bug bounty program dedicated to its new AI-powered Bing.

Microsoft on Thursday announced the launch of a new bug bounty program focused on artificial intelligence.

The program, which initially focuses on AI-powered Bing, offers rewards of up to $15,000 for vulnerabilities in in browsers, and the Bing integration in Edge, Microsoft Start Application, and the Skype mobile applications.

According to Microsoft, any vulnerabilities in the AI-powered Bing experiences on, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator, are within the scope of the program.

For AI-powered Bing integrations, Microsoft is looking for vulnerabilities in the Edge browser on Windows (including Bing Chat for Enterprise) and in iOS and Android applications.

Microsoft says it is looking for reports describing inference manipulation, model manipulation, and inferential information disclosure vulnerabilities.

It will also accept reports on bugs and vulnerability chains that influence or modify Bing’s chat behavior, break Bing’s cross-conversation memory protections, reveal Bing’s internal workings and prompts, and bypass Bing’s chat mode session limits.

According to the tech giant, while bug bounty rewards range from $2,000 to $15,000, higher rewards may also be earned, based on the vulnerability’s severity and impact and on the submission’s quality.

To be eligible, submissions should identify previously unreported critical or important vulnerabilities in the AI-powered Bing that can be reproduced in the latest, patched version of the product or service, and should include clear details on the bug and on the steps to reproduce.

Advertisement. Scroll to continue reading.

Participating security researchers need to submit their reports through the MSRC Researcher Portal, in the Bing section, include the conversation ID, and describe the attack vector.

“The Microsoft AI bounty program’s scope is limited to technical vulnerabilities in the AI-powered Bing experiences in the identified products and services. If you discover customer data while conducting your research, or are unclear if it is safe to proceed, please stop and contact us at [email protected],” the company notes.

Vulnerabilities in Bing-related online services are not within the program’s scope, but may be considered under the M365 Bounty Program instead.

More information on the new AI-powered Bing bug bounty program can be found on the program’s page.

Related: Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

Related: Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year

Related: SquareX Launches Bug Bounty Program for Browser Security Product

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Application Security

Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...