Microsoft is offering a bug bounty for Bing AI-Chat!

Are you an ethical hacker, or do you have such skills by any chance? If so, you can earn a reward of up to $250,000 just by sending bug reports to Microsoft for Bing Chat.

What is Microsoft’s bug bounty program?

A VRP (Vulnerability Reward Program), or bug bounty program, is an initiative that big organizations offer to incentivize ethical hackers (white hat hackers) to identify and report security vulnerabilities or bugs in their systems, websites or software. Instead of hiring freelancers or researchers themselves, they offer every ethical hacker a chance to find bugs in their systems and submit detailed reports on how those bugs could be maliciously exploited.

If you find a flaw or a bug in Bing, Microsoft’s latest chatbot, all you have to do is submit a legitimate report explaining what the problem is and how it threatens security for both the company and its users.

After submission, the report will be thoroughly reviewed by Microsoft’s security engineers. If your report is valid and the improvements turn out to be crucial, you will be given a hefty reward and credit for it.

One interesting thing about this is, even if the vulnerability is not covered by an existing bounty program, Microsoft may publicly acknowledge your contributions when they fix the vulnerability. Additionally, all vulnerability submissions are counted in Microsoft’s Researcher Recognition Program and leaderboard, even if they do not qualify for a bounty award.

To get started, submit a detailed report through the general submission list and select Bing from the product list. 

Microsoft wants to know all the complex details, so be sure to include the type of issue you’ve discovered, the version of Bing that’s affected, any updates you’ve installed, and any special configurations required to reproduce the bug. Step-by-step instructions to reproduce the issue on a fresh install are a must, along with a proof of concept to showcase your findings.

How much is the Bounty Price Range?

The bounty you may receive is determined by how important your bug report turns out to be, and the amount is set after the engineers review your report. You will receive a letter of appreciation, along with the amount you have been awarded, within 3 months of your submission.

Researchers can win anything from $20,000 USD to $250,000!

Here is a list of software/program names, the eligibility criteria and the bounty ranges that Microsoft offers for finding bugs. Participation in the Microsoft Bug Bounty Programs is subject to legal terms and conditions, and a bounty Safe Harbor policy.

Cloud Programs

| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
|---|---|---|
| Microsoft Azure | Microsoft Azure cloud services | Up to $60,000 USD |
| Microsoft Identity | Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards. | Up to $100,000 USD |
| Xbox | the Xbox Live network and services | Up to $20,000 USD |
| M365 | applicable Microsoft cloud services, including Office 365 | Up to $20,000 USD |
| Microsoft Azure DevOps Services | applicable Microsoft Azure DevOps Services | Up to $20,000 USD |
| Microsoft Dynamics 365 and Power Platform | applicable Microsoft Dynamics 365 and Power Platform applications | Up to $20,000 USD |
| Microsoft .NET | .NET Core and ASP.NET Core RTM and future builds | Up to $15,000 USD |

Platform Programs

| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
|---|---|---|
| Microsoft Hyper-V | Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V | Up to $250,000 USD |
| Microsoft Windows Insider Preview | Critical and important vulnerabilities in Windows Insider Preview | Up to $100,000 USD |
| Microsoft Applications and On-Premises Servers | Critical and important vulnerabilities in Microsoft Applications and On-Premises Servers | Up to $30,000 USD |
| Windows Defender Application Guard | Critical vulnerabilities in Windows Defender Application Guard | Up to $30,000 USD |
| Microsoft Edge (Chromium-based) | Critical, important, and moderate vulnerabilities in Microsoft Edge (Chromium-based) Dev, Beta, and Stable channels | Up to $30,000 USD |
| Microsoft 365 Insider | Vulnerabilities on Microsoft 365 Insider | Up to $15,000 USD |
| ElectionGuard | Vulnerabilities in ElectionGuard | Up to $15,000 USD |

Defense & Grant Programs

| Program Name | Eligibility Criteria – Give Vulnerability reports on: | Bounty Price Range |
|---|---|---|
| Mitigation Bypass and Bounty for Defense | Novel exploitation techniques against protections built into the latest version of the Windows operating system. Additionally, defensive ideas that accompany a Mitigation Bypass submission. | Up to $100,000 USD (plus up to an additional $100,000) |
| Grant: Microsoft Identity | Approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory). | Up to $75,000 USD |
| SIKE Cryptographic Challenge | This challenge awards for solutions that break the SIKE algorithm for two sets of toy parameters. | Up to $50,000 USD |
