Microsoft warmly invites you to test its new AI-powered Bing search tools and push them to the limits of their existence. If you succeed in provoking an existential crisis in AI Bing, Microsoft is willing to offer a reward of up to $15,000 for your efforts.
Indeed, AI Bing has become part of Microsoft's bug bounty program, as reported by Bleeping Computer. The program is primarily designed for security professionals, who are encouraged to identify and report any vulnerabilities or security issues they discover in Microsoft's products and services. In return, they receive a monetary reward from Microsoft. To qualify for the full $15,000 reward, participants must submit a comprehensive report that satisfies a lengthy list of submission requirements.
In order to be eligible for the bug bounty program, you will need to determine the specific type of vulnerability and the affected environment, which includes providing a BuildLabEx string. Additionally, you will be required to produce a vulnerability reproduction report, a proof of concept, and fulfill other specified criteria. To be more precise, Microsoft is seeking vulnerabilities that align with the following definitions:
- Influencing and changing Bing’s chat behavior across user boundaries, i.e. change the AI in ways that impact all other users.
- Modifying Bing’s chat behavior by adjusting client and/or server visible configuration, such as setting debug flags, changing feature flags, etc.
- Breaking Bing’s cross-conversation memory protections and history deletion.
- Revealing Bing’s internal workings and prompts, decision making processes and confidential information.
- Bypassing Bing’s chat mode session limits and/or restrictions/rules.
So, as you can see, this goes beyond simply trying to provoke Bing with perplexing questions until it undergoes an existential crisis or begins gaslighting you about the date. However, the new program encompasses nearly all AI-powered Bing services:
- AI-powered Bing experiences on bing.com in Browser (All major vendors are supported, including Bing Chat, Bing Chat for Enterprise, and Bing Image Creator)
- AI-powered Bing integration in Microsoft Edge (Windows), including Bing Chat for Enterprise
- AI-powered Bing integration in the Microsoft Start Application (iOS and Android)
- AI-powered Bing integration in the Skype Mobile Application (iOS and Android)
So, you have numerous attack vectors to explore, which provides ample opportunities. Furthermore, Microsoft has disclosed that from the previous year up until June, they have disbursed over $13 million in bug bounty rewards, with a single payout of $200,000 to an individual. This indicates that certain individuals have successfully met all of Microsoft's security requirements. Good luck!
