Microsoft is offering a bug bounty for Bing AI-Chat!
Are you an ethical hacker or have such skills by any chance? If so, you can earn up to $250,000 reward just by sending bug reports to Microsoft for Bing Chat.
What is Microsoft’s bug bounty program?
VRS (Vulnerability Reward Program) or bug bounty program is an initiative that big organizations offer to incentivize ethical hackers/ white hat hackers, to identify and report security vulnerabilities or bugs in their system or website or software. They basically offer every ethical hacker a chance to find bugs in their system with detailed reports on how it can be maliciously exploited by hackers, instead of hiring freelancers or researchers themselves.
If you can find a flaw or a bug in the system or software of Microsoft’s latest chatbot Bing, all you have to do is make a legit report on what the problem is and how it threatens the security system from the end of the company as well as the users.
After submission of the report, it will be thoroughly reviewed by the security-tech engineers of Microsoft. In case your report has a good point and such improvements turn out to be crucial, you will be given a hefty reward and credit for it.
One interesting thing about this is, even if the vulnerability is not covered by an existing bounty program, Microsoft may publicly acknowledge your contributions when they fix the vulnerability. Additionally, all vulnerability submissions are counted in Microsoft’s Researcher Recognition Program and leaderboard, even if they do not qualify for a bounty award.
To get started, submit a detailed report through the general submission list and select Bing from the product list.
Microsoft wants to know all the complex details, so be sure to include the type of issue you’ve discovered, the version of Bing that’s affected, any updates you’ve installed, and any special configurations required to reproduce the bug. Step-by-step instructions to reproduce the issue on a fresh install are a must, along with proof of concept to showcase your findings.
How much is the Bounty Price Range?
Initially, the bounty price that you may receive is going to be determined by how important your bug report turns out to be. After the engineers review your report, your bounty price will be determined. You will receive a letter of appreciation along with how much money you are winning within 3 months of your submission.
Researchers can win anything starting from $20,000 USD to $2,50,000!
Here is a list of softwares/program names, the eligibility criteria and the prices that Microsoft offers for finding bugs. Participation in the Microsoft Bug Bounty Programs is subject to legal terms and conditions, and a bounty Safe Harbor policy.
Cloud Programs
| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
| Microsoft Azure | Microsoft Azure cloud services | Up to $60,000 USD |
| Microsoft Identity | Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards. | Up to $100,000 USD |
| Xbox | the Xbox Live network and services | Up to $20,000 USD |
| M365 | applicable Microsoft cloud services, including Office 365 | Up to $20,000 USD |
| Microsoft Azure DevOps Services | applicable Microsoft Azure DevOps Services | Up to $20,000 USD |
| Microsoft Dynamics 365 and Power Platform | applicable Microsoft Dynamics 365 and Power Platform applications | Up to $20,000 USD |
| Microsoft .NET | .NET Core and ASP.NET Core RTM and future builds | Up to $15,000 USD |
Platform Programs
| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
| Microsoft Hyper-V | Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V | Up to $250,000 USD |
| Microsoft Windows Insider Preview | Critical and important vulnerabilities in Windows Insider Preview | Up to $100,000 USD |
| Microsoft Applications and On-Premises Servers | Critical and important vulnerabilities in Microsoft Applications and On-Premises Servers | Up to $30,000 USD |
| Windows Defender Application Guard | Critical vulnerabilities in Windows Defender Application Guard | Up to $30,000 USD |
| Microsoft Edge (Chromium-based) | Critical, important, and moderate vulnerabilities in Microsoft Edge (Chromium-based) Dev, Beta, and Stable channels | Up to $30,000 USD |
| Microsoft 365 Insider | Vulnerabilities on Microsoft 365 Insider | Up to $15,000 USD |
| ElectionGuard | Vulnerabilities in ElectionGuard | Up to $15,000 USD |
Defense & Grant Programs
| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
| Mitigation Bypass and Bounty for Defense | Novel exploitation techniques against protections built into the latest version of the Windows operating system. Additionally, defensive ideas that accompany a Mitigation Bypass submission. | Up to $100,000 USD (plus up to an additional $100,000) |
| Grant: Microsoft Identity | Approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory). | Up to $75,000 USD |
| SIKE Cryptographic Challenge | This challenge awards for solutions that break the SIKE algorithm for two sets of toy parameters. | Up to $50,000 USD |
By the way, do you know AI can breach security codes and passwords in seconds? How to protect your sensitive data from AI? – Read more https://oreonow.com/hacking-through-ai-in-seconds-the-unsettling-truth/
Amazon’s Latest Warehouse Robot – Digit | Is It A Threat to Human Employment or a New Opportunity?
Musk and Sunak in AI Safety Summit – The Most Disruptive Force?
Adobe Photoshop AI Upgrade: New AI Features Arrive, and So Do the Questions!
About Author
