Microsoft Boosts Bug Bounty Rewards for AI Vulnerabilities
Microsoft has increased its bug bounty payouts to as much as $30,000 for AI-related vulnerabilities discovered in its Dynamics 365 and Power Platform services.
Power Platform includes tools that help businesses automate workflows and analyze data, while Dynamics 365 offers applications that connect operations, customers, and employees.
Microsoft is offering rewards ranging from $500 to $30,000, with potential for even higher payouts depending on the severity, impact, and quality of the submission. Eligible AI vulnerabilities must fall under Critical or Important severity, as defined in Microsoft’s AI vulnerability classification, and must be reproducible on the platforms in scope.
Examples of qualifying AI issues include:
- Inference manipulation
- Model manipulation
- Inferential information disclosure
Microsoft continues to promote ethical security research through initiatives like the Zero Day Quest, a cloud and AI-focused hacking event launched during last year’s Ignite conference. The company reported receiving over 600 vulnerability submissions and awarding more than $1.6 million in bounties during the event.
Tom Gallagher, VP of Engineering at Microsoft Security Response Center (MSRC), noted that around 100 researchers joined training sessions on AI bug hunting, server-side request forgery (SSRF), and best practices for submitting bug bounty reports.
Expanding AI Security Incentives
Earlier this year, Microsoft also increased payouts for moderate-severity vulnerabilities in Microsoft Copilot, and introduced a 100% bounty multiplier to encourage further AI security research.
By raising rewards and expanding its programs, Microsoft aims to strengthen AI defenses and promote responsible vulnerability disclosure in its AI-powered tools and platforms.