Hunting for AI Bug Bounty

Hunting for AI Bug Bounty

Update: 2024-07-17
Share

Description

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. 

  


In this episode you’ll learn:      

  


  • How AI Bug Bounty programs are reshaping traditional security practices 

  • Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data 

  • Why you should engage in AI bug hunting and contribute to the evolving security landscape 

 


Some questions we ask:     

  


  • Which products are currently included in the Bug Bounty program? 

  • Should traditional bug bounty hunters start doing AI bug bounty hunting? 

  • How can someone get started with AI bug hunting and submitting to your program? 

 

 


Resources:  

View Lynn Miyashita on LinkedIn  

View Andrew Paverd on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

 

Microsoft AI Bug Bounty Program 

 

 


Related Microsoft Podcasts:                   

 

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

 

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Comments 
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Hunting for AI Bug Bounty

Hunting for AI Bug Bounty

Microsoft