Cyber Security News

Microsoft Offers $30,000 Bounties for AI Security Flaws

Microsoft has launched a new bounty program that offers up to $30,000 to security researchers who discover vulnerabilities in its AI and machine learning (AI/ML) technologies.

This initiative, announced by the Microsoft Security Response Center (MSRC), aims to encourage responsible disclosure of flaws that could pose serious risks to users and organizations relying on Microsoft’s AI-driven products.

Microsoft’s latest bug bounty reflects its ongoing commitment to protect customers from potential exploitation that could arise from vulnerabilities in both traditional and AI-powered products.

“We’re dedicated to working transparently with customers and security researchers in identifying and fixing AI vulnerabilities,” a Microsoft spokesperson said.

The company has outlined a detailed severity classification for common AI/ML vulnerability types, emphasizing the importance of both the technical impact and the ease of exploitation in its triage process.

Understanding AI/ML Security Flaws

Security flaws in AI systems can have far-reaching consequences, from data breaches to manipulated decision-making.

Microsoft’s classification divides these vulnerabilities into two primary categories: Inference Manipulation and Model Manipulation. The following table summarizes Microsoft’s approach:

VulnerabilityDescriptionImpactSeverity
Prompt InjectionInjecting instructions to make the model produce unintended outputs.Data exfiltration or privileged actions (zero-click)Critical
Prompt InjectionSame as above, but requiring some user interaction (one or more clicks).Data exfiltration or privileged actions (user interaction needed)Important
Input PerturbationModifying valid inputs (adversarial examples) to get incorrect model outputs.Data exfiltration or privileged actions (zero-click)Critical
Input PerturbationSame as above, but requiring some user interaction.Data exfiltration or privileged actions (user interaction needed)Important
Model/Data PoisoningManipulating model during training (e.g., altering data or architecture).Used in decision-making affecting other users or public contentCritical

The new bounty, reaching up to $30,000 for the most severe flaws, is one of the highest rewards currently offered for AI security findings.

Microsoft hopes this will foster collaboration between the company and the broader security research community, ensuring rapid identification and resolution of critical threats.

Security researchers interested in participating can review Microsoft’s guidelines and submit their findings through the MSRC portal.

The bounty covers a range of AI vulnerabilities, from prompt injections in language models to data poisoning attacks during machine learning model training.

As AI becomes increasingly central to business and daily life, Microsoft’s proactive approach sets a new standard for industry responsibility.

With this robust bounty program, the company is not only enhancing the security of its own platforms but also contributing to a safer AI ecosystem for everyone.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

xAI API Key Leak Exposes Proprietary Language Models on GitHub

Employee at Elon Musk’s artificial intelligence firm xAI inadvertently exposed a private API key on…

6 minutes ago

“Firefox’s Future Uncertain Without Google Search Deal, Insider Warns”

Mozilla's Chief Financial Officer testified that Firefox could face extinction if Justice Department proposals targeting…

10 minutes ago

Google Gemini Introduces Built-In Image Editing in App

Google has integrated advanced AI-powered image editing tools directly into its Gemini app, enabling users…

12 minutes ago

New GPOHound Tool Analyzes Active Directory GPOs for Escalation Risks

Security researchers have released GPOHound, a powerful open-source tool designed to analyze Group Policy Objects (GPOs)…

49 minutes ago

Signal App Used by Trump Associate Targeted in Security Breach

A major security scare has erupted in Washington after reports emerged that a Trump associate…

1 hour ago

CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively exploited…

2 hours ago