EPISODE · Jul 17, 2024 · 20 MIN
Hunting for AI Bug Bounty
from Microsoft Threat Intelligence Podcast · host Microsoft
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. In this episode you’ll learn: How AI Bug Bounty programs are reshaping traditional security practices Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data Why you should engage in AI bug hunting and contribute to the evolving security landscape Some questions we ask: Which products are currently included in the Bug Bounty program? Should traditional bug bounty hunters start doing AI bug bounty hunting? How can someone get started with AI bug hunting and submitting to your program? Resources: View Lynn Miyashita on LinkedIn View Andrew Paverd on LinkedIn View Sherrod DeGrippo on LinkedIn Microsoft AI Bug Bounty Program Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
What this episode covers
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. In this episode you’ll learn: How AI Bug Bounty programs are reshaping traditional security practices Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data Why you should engage in AI bug hunting and contribute to the evolving security landscape Some questions we ask: Which products are currently included in the Bug Bounty program? Should traditional bug bounty hunters start doing AI bug bounty hunting? How can someone get started with AI bug hunting and submitting to your program? Resources: View Lynn Miyashita on LinkedIn View Andrew Paverd on LinkedIn View Sherrod DeGrippo on LinkedIn Microsoft AI Bug Bounty Program Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
NOW PLAYING
Hunting for AI Bug Bounty
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m