Microsoft will now pay you even more to find security bugs in Copilot
- Microsoft’s bug bounty is increasing its moderate flaw reward
- Bug bounties allow firms and researchers to create a safer digital environment
- Other firms like Google also run similar programs, so get hunting
Microsoft has announced it is ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward for identifying even moderate severity vulnerabilities to $5,000.
Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors – and Microsoft even runs its own Black-hat like event with up to $4 million in potential awards for cloud and AI flaws.
As part of the update to the program, the company is also offering workshops, access to Microsoft engineers, and ‘cutting-edge research and development tools’ to increase its investment into the growth and education of AI researchers.
Microsoft’s aim with this program is to cultivate a ‘community of skilled professionals who can contribute to the advancement of AI technology and uphold the highest standards of security and innovation.’
“Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000” Microsoft confirmed in a statement.
“Expanding our bounty program to include Copilot reflects our ongoing commitment to security across Microsoft products and services, and we encourage researchers to help us identify and mitigate vulnerabilities.”
As cyberattacks become more prolific, software firms are keen to get ahead of the dangers by incentivizing researchers to pick apart their applications, especially the relatively young AI products and platforms.
Since Google started its vulnerability rewards program 15 years ago in 2010, the search engine giant has paid over $50 million in bounties, and over 15,000 vulnerabilities have been discovered – in fact, in 2023, over $10 million was paid to researchers, with one vulnerability earning the participant a staggering $113,337.
You might also like
Microsoft’s bug bounty is increasing its moderate flaw reward Bug bounties allow firms and researchers to create a safer digital environment Other firms like Google also run similar programs, so get hunting Microsoft has announced it is ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program…
