Microsoft raises rewards for Copilot AI bug bounty program


Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities.

To further secure its Copilot consumer products against attacks, Redmond added a broader range of Copilot consumer services to the scope of the program, including Copilot for Telegram, Copilot for WhatsApp, copilot.microsoft.com, and copilot.ai.

The company is now also offering incentives of up to $5,000 for reporting moderate vulnerabilities, which can also significantly affect the security and reliability of its Copilot products.

“We’re introducing new incentives for moderate severity Copilot cases. Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000,” Microsoft said.

“This expansion provides researchers with more opportunities to contribute to the security of our Copilot ecosystem and helps us identify and mitigate potential vulnerabilities across a wider array of platforms.”

The company’s Microsoft Copilot bounty program also rewards qualified submissions for vulnerabilities found in Copilot (Pro) AI experiences in Microsoft Edge (Windows), Microsoft Copilot Application (iOS and Android), Windows OS, and Bing generative search hosted on bing.com in Browser.

Bounty awards range from $250 for low-severity Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Web Security Misconfiguration, Cross Origin Access, and Improper Input Validation bugs up to $30,000 for critical flaws allowing inference manipulation.

The Microsoft 365 Bounty Program was also expanded last month to include new Viva products for Critical and Important cases, including Function Entry Management, Glint, Learning, and Pulse, with awards up to $27,000.

During last year’s Ignite annual conference in Chicago, Microsoft also expanded its bug bounty programs by launching the Zero Day Quest, a hacking event with $4 million in rewards focused on cloud and AI products and platforms.

The efforts to boost cybersecurity protection across all products are part of the Secure Future Initiative (SFI), a company-wide cybersecurity engineering effort launched in November 2023 to get ahead of a scathing report issued by the Cyber Safety Review Board of the U.S. Department of Homeland Security saying that Microsoft’s “security culture was inadequate and requires an overhaul.”
