Hunting for AI Bug Bounty

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. 

In this episode you’ll learn:      

• How AI Bug Bounty programs are reshaping traditional security practices 
• Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data 
• Why you should engage in AI bug hunting and contribute to the evolving security landscape 

Some questions we ask:     

• Which products are currently included in the Bug Bounty program? 
• Should traditional bug bounty hunters start doing AI bug bounty hunting? 
• How can someone get started with AI bug hunting and submitting to your program? 

Resources:  

View Lynn Miyashita on LinkedIn  

View Andrew Paverd on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Microsoft AI Bug Bounty Program 

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.