Microsoft has launched a new bounty program that offers up to $30,000 to security researchers who discover vulnerabilities in its AI and machine learning (AI/ML) technologies.
This initiative, announced by the Microsoft Security Response Center (MSRC), aims to encourage responsible disclosure of flaws that could pose serious risks to users and organizations relying on Microsoft’s AI-driven products.
Microsoft’s latest bug bounty reflects its ongoing commitment to protect customers from potential exploitation that could arise from vulnerabilities in both traditional and AI-powered products.
“We’re dedicated to working transparently with customers and security researchers in identifying and fixing AI vulnerabilities,” a Microsoft spokesperson said.
The company has outlined a detailed severity classification for common AI/ML vulnerability types, emphasizing the importance of both the technical impact and the ease of exploitation in its triage process.
Understanding AI/ML Security Flaws
Security flaws in AI systems can have far-reaching consequences, from data breaches to manipulated decision-making.
Microsoft’s classification divides these vulnerabilities into two primary categories: Inference Manipulation and Model Manipulation. The following table summarizes Microsoft’s approach:
Vulnerability | Description | Impact | Severity |
Prompt Injection | Injecting instructions to make the model produce unintended outputs. | Data exfiltration or privileged actions (zero-click) | Critical |
Prompt Injection | Same as above, but requiring some user interaction (one or more clicks). | Data exfiltration or privileged actions (user interaction needed) | Important |
Input Perturbation | Modifying valid inputs (adversarial examples) to get incorrect model outputs. | Data exfiltration or privileged actions (zero-click) | Critical |
Input Perturbation | Same as above, but requiring some user interaction. | Data exfiltration or privileged actions (user interaction needed) | Important |
Model/Data Poisoning | Manipulating model during training (e.g., altering data or architecture). | Used in decision-making affecting other users or public content | Critical |
The new bounty, reaching up to $30,000 for the most severe flaws, is one of the highest rewards currently offered for AI security findings.
Microsoft hopes this will foster collaboration between the company and the broader security research community, ensuring rapid identification and resolution of critical threats.
Security researchers interested in participating can review Microsoft’s guidelines and submit their findings through the MSRC portal.
The bounty covers a range of AI vulnerabilities, from prompt injections in language models to data poisoning attacks during machine learning model training.
As AI becomes increasingly central to business and daily life, Microsoft’s proactive approach sets a new standard for industry responsibility.
With this robust bounty program, the company is not only enhancing the security of its own platforms but also contributing to a safer AI ecosystem for everyone.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!