Podcasts
The Microsoft Threat Intelligence Podcast
Ep 23
The Microsoft Threat Intelligence Podcast 7.17.24
Ep 23 | 7.17.24

Hunting for AI Bug Bounty

Show Notes
Transcript

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. 

In this episode you’ll learn:      

  • How AI Bug Bounty programs are reshaping traditional security practices 
  • Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data 
  • Why you should engage in AI bug hunting and contribute to the evolving security landscape 

Some questions we ask:     

  • Which products are currently included in the Bug Bounty program? 
  • Should traditional bug bounty hunters start doing AI bug bounty hunting? 
  • How can someone get started with AI bug hunting and submitting to your program?  

Resources:  

View Lynn Miyashita on LinkedIn  

View Andrew Paverd on LinkedIn  

View Sherrod DeGrippo on LinkedIn   

Microsoft AI Bug Bounty Program 

Related Microsoft Podcasts:                   


Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

The Microsoft Threat Intelligence Podcast
Podcast Info
HOST(S):
Sherrod DeGrippo
Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, is a frequently cited threat intelligence expert with a 19-year career leading global threat research and analyst teams. She was named Cybersecurity Woman of the Year in 2022 and Cybersecurity PR Spokesperson of the Year for 2021. Sherrod has provided expert commentary for BBC News, Wall Street Journal, CNN, and New York Times and has presented extensively at conferences including Black Hat, RSA Conference, RMISC, SleuthCon, and others.
Schedule: Bi-Weekly
Credits: Executive Producer is Bruce Bracken, Producer is Rob Petrillo, Production Manager is Max Solomon, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft
The Microsoft Threat Intelligence Podcast