Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities.
To further secure its Copilot consumer products against attacks, Redmond added a broader range of Copilot consumer products and services to the scope of the program, including Copilot for Telegram, Copilot for WhatsApp, copilot.microsoft.com, and copilot.ai.
The company is now also offering incentives of up to $5,000 for reporting moderate vulnerabilities, which could also significantly impact the security and reliability of its Copilot products.
“We’re introducing new incentives for moderate severity Copilot cases. Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000,” Microsoft said.
“This expansion provides researchers with more opportunities to contribute to the security of our Copilot ecosystem and helps us identify and mitigate potential vulnerabilities across a wider array of platforms.”
The company’s Microsoft Copilot bounty program also rewards qualified submissions for vulnerabilities found in Copilot (Pro) AI experiences in Microsoft Edge (Windows), Microsoft Copilot Application (iOS and Android), Windows OS, and Bing generative search hosted on bing.com in Browser.
Bounty awards range from $250 for low-severity Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Web Security Misconfiguration, Cross Origin Access, and Improper Input Validation bugs up to $30,000 for critical flaws allowing inference manipulation.
The Microsoft 365 Bounty Program was also expanded last month to include new Viva products for Critical and Important cases, including Feature Access Control, Glint, Learning, and Pulse, with awards up to $27,000.
During last year’s Ignite annual conference in Chicago, Microsoft also expanded its bug bounty programs by launching the Zero Day Quest, a hacking event with $4 million in rewards focused on cloud and AI products and platforms.
The efforts to boost cybersecurity protection across all products are part of the Secure Future Initiative (SFI), a company-wide cybersecurity engineering effort launched in November 2023 to get ahead of a scathing report issued by the Cyber Safety Review Board of the U.S. Department of Homeland Security saying that Microsoft’s “security culture was inadequate and requires an overhaul.”