Cyber Security News

Microsoft Offers $30,000 Bounties for AI Security Flaws

Microsoft has launched a new bounty program that offers up to $30,000 to security researchers who discover vulnerabilities in its AI and machine learning (AI/ML) technologies.

This initiative, announced by the Microsoft Security Response Center (MSRC), aims to encourage responsible disclosure of flaws that could pose serious risks to users and organizations relying on Microsoft’s AI-driven products.

Microsoft’s latest bug bounty reflects its ongoing commitment to protect customers from potential exploitation that could arise from vulnerabilities in both traditional and AI-powered products.

“We’re dedicated to working transparently with customers and security researchers in identifying and fixing AI vulnerabilities,” a Microsoft spokesperson said.

The company has outlined a detailed severity classification for common AI/ML vulnerability types, emphasizing the importance of both the technical impact and the ease of exploitation in its triage process.

Understanding AI/ML Security Flaws

Security flaws in AI systems can have far-reaching consequences, from data breaches to manipulated decision-making.

Microsoft’s classification divides these vulnerabilities into two primary categories: Inference Manipulation and Model Manipulation. The following table summarizes Microsoft’s approach:

VulnerabilityDescriptionImpactSeverity
Prompt InjectionInjecting instructions to make the model produce unintended outputs.Data exfiltration or privileged actions (zero-click)Critical
Prompt InjectionSame as above, but requiring some user interaction (one or more clicks).Data exfiltration or privileged actions (user interaction needed)Important
Input PerturbationModifying valid inputs (adversarial examples) to get incorrect model outputs.Data exfiltration or privileged actions (zero-click)Critical
Input PerturbationSame as above, but requiring some user interaction.Data exfiltration or privileged actions (user interaction needed)Important
Model/Data PoisoningManipulating model during training (e.g., altering data or architecture).Used in decision-making affecting other users or public contentCritical

The new bounty, reaching up to $30,000 for the most severe flaws, is one of the highest rewards currently offered for AI security findings.

Microsoft hopes this will foster collaboration between the company and the broader security research community, ensuring rapid identification and resolution of critical threats.

Security researchers interested in participating can review Microsoft’s guidelines and submit their findings through the MSRC portal.

The bounty covers a range of AI vulnerabilities, from prompt injections in language models to data poisoning attacks during machine learning model training.

As AI becomes increasingly central to business and daily life, Microsoft’s proactive approach sets a new standard for industry responsibility.

With this robust bounty program, the company is not only enhancing the security of its own platforms but also contributing to a safer AI ecosystem for everyone.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

3 hours ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

4 hours ago

GenAI Assistant DIANNA Uncovers New Obfuscated Malware

Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This…

4 hours ago

Hackers Expose 184 Million User Passwords via Open Directory

A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly…

4 hours ago

New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data

A disturbing new formjacking malware has emerged, specifically targeting WooCommerce-based e-commerce sites to steal sensitive…

4 hours ago

GitLab Duo Vulnerability Exploited to Inject Malicious Links and Steal Source Code

A security vulnerability was recently discovered in GitLab Duo, the AI-powered coding assistant integrated into…

5 hours ago