Microsoft will pay up to $15,000 if you get Bing AI to go off the rails
Microsoft will pay up to $15,000 if you get Bing AI to go off the rails
Microsoft cordially invites you to have a crack at tipping its new AI-powered Bing search tools into existential meltdown.
Published on 18th October 2023
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.
With the AI-powered Bing experience as the first in-scope product for the new bug bounty program, security researchers can submit vulnerabilities found in the following list of eligible services and products:
- AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
“The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submissions are eligible for bounty rewards from $2,000 to $15,000 USD,” Microsoft explains on the AI bounty program’s website.
“Submissions identifying vulnerabilities in Bing related online services will be considered under the M365 Bounty Program. All submissions are reviewed for bounty eligibility, so don’t worry if you aren’t sure where your submission fits.”
| Vulnerability type | Report quality | Severity | |||
|---|---|---|---|---|---|
|
|
|
Critical |
Important |
Moderate |
Low |
|
Inference Manipulation |
High
Medium
Low |
$15,000
$10,000
$6,000 |
$6,000
$3,000
$2,000 |
$0 |
$0 |
|
Model Manipulation |
High
Medium
Low |
$15,000
$10,000
$6,000 |
$6,000
$3,000
$2,000 |
$0 |
$0 |
|
Inferential Information Disclosure |
High
Medium
Low |
$15,000
$10,000
$6,000 |
$6,000
$3,000
$2,000 |
$0 |
$0 |
Besides issues outlined in Microsoft’s Vulnerability Severity Classification for AI Systems, researchers are also encouraged to report vulnerabilities that result in:
- Altering Bing's chat behavior across user boundaries, i.e., changing the AI in ways that could impact all other users.
- Adjusting Bing's chat behavior by altering client and/or server visible configuration, including changing debug and feature flags.
- Bypassing Bing's safeguards related to cross-conversation memory and history deletion.
- Disclosing Bing's internal mechanisms and prompts, decision-making processes, and confidential information.
- Circumventing limitations and rules within Bing's chat mode sessions.
The company also highlighted a long list of issues and vulnerability types that are out of scope, including ones that would only affect the attacker, some model hallucination attacks, inaccurate or offensive chat responses, and more.
“Partnering with security researchers through our bug bounty programs is an essential part of Microsoft’s holistic strategy to protect customers from security threats,” said MSRC Technical Program Manager Lynn Miyashita.
“We value our partnership with the global security research community and are excited to expand our scope to include the AI-powered Bing experience.”
In a recent bounty year-in-review blog post, Microsoft said it paid $13.8 million in rewards to 345 security researchers worldwide who reported 1,180 vulnerabilities across 17 different bug bounty programs.
Last year, the company added on-premises Exchange, SharePoint, and Skype for Business to its bug bounty program and increased the maximum awards for high-impact security flaws reported through the Microsoft 365 program.
