Microsoft Security Response Center reposted this
The Microsoft AI Bounty program aims to better secure Microsoft Copilot by inviting security researchers to find and report high-impact security vulnerabilities. Researchers who find a bug in Copilot send the details of their findings to MSRC via https://msft.it/6043lRzYB for analysis, severity and impact assessment, and mitigation development.

Principal Research Manager Andrew Paverd shares that the AI bug bar, the clear definition of what a bug means, is the critical first ingredient of any bug bounty program like Microsoft AI Bounty. The AI bug bar, reflected in the Microsoft Vulnerability Severity Classification for AI Systems, puts the focus on high-impact security issues within Microsoft Copilot. Learn more about the AI bug bar here: https://msft.it/6044lRzY8

The new bug bounty program, which launched in October 2023, is an area of vulnerability research that people from any background can get started in. Technical Program Manager Lynn Miyashita shares, “...there’s a number of different types of vulnerabilities that you can find in varying severity levels, and I think it opens up the door to anyone of any background being able to have the opportunity to go and start chatting with Copilot to see what they can find.”

Andrew also reiterates that AI is just one part of a bigger system, and that there is potential for finding vulnerabilities that span both the traditional scope of a bug hunter and the scope of new vulnerabilities that may arise because of AI.

Learn more about the Microsoft AI Bounty Program in this episode of the Microsoft Threat Intelligence Podcast with host Sherrod DeGrippo: https://msft.it/6042lRzY6

Specific details on the bounty program can be found here: https://msft.it/6045lRzYD