Trip Up Bing AI And You Could Score A $15,000 Payday From Microsoft
This is Microsoft's first bug bounty program explicitly targeted at its AI services, and as a result, there are quite a few guidelines that submitters must follow. The goal is to close security holes in the company's new Bing products that make use of AI, particularly the ones listed below:
- AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile application (iOS and Android)
- Influencing and changing Bing’s chat behavior across user boundaries, i.e. change the AI in ways that impact all other users.
- Modifying Bing’s chat behavior by adjusting client and/or server visible configuration, such as setting debug flags, changing feature flags, etc.
- Breaking Bing’s cross-conversation memory protections and history deletion.
- Revealing Bing’s internal workings and prompts, decision making processes and confidential information.
- Bypassing Bing’s chat mode session limits and/or restrictions/rules.
If you'd like to attack Microsoft's AI services and try to earn yourself a bounty, head on over to this page to read the aforementioned Rules of Engagement and understand what your actual goal is.