Microsoft Expands Copilot Bug Bounty Program, Increases Payouts

Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities.

Microsoft on Friday announced an expansion to its Copilot bug bounty program to include more consumer products and provide researchers with higher incentives.

As before, bug hunters can earn up to $30,000 for critical-severity vulnerabilities in multiple Copilot AI products and services, but the payouts for medium-severity flaws have been increased.

“We are introducing new incentives for moderate severity Copilot cases. Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000,” Microsoft announced.

Per the program’s rules, researchers can earn money by submitting reports of inference manipulation, model manipulation, inferential information disclosure, deserialization of untrusted data, code injection, authentication, SQL and command injection, server-side request forgery (SSRF), improper access control, and other types of security defects.

Now, they can also hunt for bugs in more Copilot consumer products, including Copilot for Telegram, Copilot for WhatsApp, copilot.microsoft.com and copilot.ai.

“This expansion provides researchers with more opportunities to contribute to the security of our Copilot ecosystem and helps us identify and mitigate potential vulnerabilities across a wider array of platforms,” Microsoft says.

The tech giant also notes that, building on the alignment with the AI bug bar, the Copilot bug bounty program has been integrated with its Online Services bug bar, to establish a consistent framework for evaluating the severity of flaws in Copilot consumer products.

“By aligning with the Online Services Bug Bar, we ensure that all reported vulnerabilities are assessed with the same rigor and standards applied across Microsoft’s online services. This not only streamlines the evaluation process but also enhances the transparency and fairness of our bounty rewards,” the company says.

Microsoft is encouraging security researchers, developers, and enthusiasts to participate in the program. Additional information and the rules can be found on the Copilot bounty program’s page.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
