Microsoft has launched a new AI bounty program. This program is the result of investments and learnings from recent months, including an AI security research challenge and an update to Microsoft’s vulnerability severity classification for AI systems. Lynn Miyashita, a technical program manager with the Microsoft Security Response Center, shared this information.
The Microsoft AI bug bounty program
By infosecbulletin
/ Saturday , January 11 2025
A deceptive proof-of-concept exploit for CVE-2024-49113, known as "LDAPNightmare," on GitHub spreads infostealer malware that steals sensitive data and sends...
Read More
By infosecbulletin
/ Friday , January 10 2025
In a sophisticated phishing campaign, uncovered cybercriminals are exploiting CrowdStrike’s recruitment branding to target developers and deploy the XMRig cryptominer....
Read More
By infosecbulletin
/ Friday , January 10 2025
In October 2024, security researcher Ben Sadeghipour discovered a vulnerability in Facebook's ad platform that allowed him to run commands...
Read More
By infosecbulletin
/ Friday , January 10 2025
In 2025, malware attacks will persist. To prepare, organizations should familiarize themselves with common malware families. Here are five to...
Read More
By infosecbulletin
/ Thursday , January 9 2025
Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and...
Read More
By infosecbulletin
/ Thursday , January 9 2025
Launched in July 2023, the new US Cyber Trust Mark allows smart devices from participating vendors to showcase their cyber...
Read More
By infosecbulletin
/ Wednesday , January 8 2025
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited....
Read More
By infosecbulletin
/ Wednesday , January 8 2025
Cybersecurity professionals serve as the first line of defense against hackers, hacktivists, and ransomware groups. To combat these cyber threats,...
Read More
By infosecbulletin
/ Tuesday , January 7 2025
Over 48,000 SonicWall devices are still vulnerable to a serious security flaw, putting organizations worldwide at risk of ransomware attacks....
Read More
By infosecbulletin
/ Monday , January 6 2025
On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to...
Read More
Microsoft wants bug hunters to test AI-powered Bing features on bing.com using a browser. They also want them to test Bing integration on Microsoft Edge, including Bing Chat for Enterprise. Additionally, they want testers to check the Bing integration in the iOS and Android versions of Microsoft Start and Skype mobile apps.
They should report vulnerabilities that could be exploited to:
* Manipulate the model’s response to individual inference requests, but do not modify the model itself (“inference manipulation”)
* Manipulate a model during the training phase (“model manipulation”)
* Infer information about the model’s training data, architecture and weights, or inference-time input data (“inferential information disclosure”)
* Influence/change Bing’s chat behavior in a way that impacts all other users
* Modify Bing’s chat behavior by adjusting client and/or server visible configuration
* Break Bing’s cross-conversation memory protections and history deletion
* Reveal Bing’s internal workings and prompts, decision making processes and confidential information
* Bypass Bing’s chat mode session limits and/or restrictions/rules
Click here to read more