Microsoft has launched a new AI bounty program. This program is the result of investments and learnings from recent months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems. Lynn Miyashita, a technical program manager with the Microsoft Security Response Center, shared this information.
The Microsoft AI bug bounty program
By infosecbulletin
/ Wednesday , April 30 2025
Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
By infosecbulletin
/ Tuesday , April 29 2025
A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
By infosecbulletin
/ Tuesday , April 29 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault...
Read More
By infosecbulletin
/ Tuesday , April 29 2025
Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
By infosecbulletin
/ Tuesday , April 29 2025
On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
By infosecbulletin
/ Monday , April 28 2025
On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
By infosecbulletin
/ Monday , April 28 2025
India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
By infosecbulletin
/ Monday , April 28 2025
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
By infosecbulletin
/ Monday , April 28 2025
Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
By infosecbulletin
/ Sunday , April 27 2025
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
Microsoft wants bug hunters to test AI-powered Bing features on bing.com using a browser. They also want them to test Bing integration on Microsoft Edge, including Bing Chat for Enterprise. Additionally, they want testers to check the Bing integration in the iOS and Android versions of Microsoft Start and Skype mobile apps.
They should report vulnerabilities that could be exploited to:
* Manipulate the model’s response to individual inference requests, but do not modify the model itself (“inference manipulation”)
* Manipulate a model during the training phase (“model manipulation”)
* Infer information about the model’s training data, architecture and weights, or inference-time input data (“inferential information disclosure”)
* Influence/change Bing’s chat behavior in a way that impacts all other users
* Modify Bing’s chat behavior by adjusting client and/or server visible configuration
* Break Bing’s cross-conversation memory protections and history deletion
* Reveal Bing’s internal workings and prompts, decision making processes and confidential information
* Bypass Bing’s chat mode session limits and/or restrictions/rules
Click here to read more