Microsoft Enhances Copilot Bug Bounty Program with Increased Rewards

Microsoft has updated its Copilot bug bounty program, raising the maximum payout for moderate-severity vulnerabilities to $5,000 and expanding the types of vulnerabilities eligible for rewards. This move reflects the company’s commitment to improving security in its Copilot products.

Researchers can now earn between $250 and $30,000 for reporting vulnerabilities, with higher payouts reserved for critical issues like code injection and model manipulation. Microsoft categorizes vulnerabilities into four levels: Critical, Important, Moderate, and Low.

The program has broadened its scope from three to 14 vulnerability types, including deserialization of untrusted data, authentication issues, and improper input validation. Microsoft specifically encourages bug hunters to examine services such as Copilot for Telegram and Copilot for WhatsApp.

Initially launched in October 2023 for Bing’s AI features, the Copilot bug bounty program was extended in April 2024. The recent changes aim to motivate researchers to identify potential security flaws before they can be exploited.

These enhancements come as Microsoft and other tech companies integrate generative AI into their products, raising concerns about security risks. By increasing bounty rewards, Microsoft hopes to attract more researchers to help safeguard its AI systems.

For more details, visit The Register.