Microsoft will now pay you even more to find security bugs in Copilot

  • Microsoft's bug bounty is increasing its moderate flaw reward
  • Bug bounties allow firms and researchers to create a safer digital environment
  • Other firms like Google also run similar programs, so get hunting

Microsoft has announced it is ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward for identifying even moderate severity vulnerabilities to $5,000.

Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors - and Microsoft even runs its own Black Hat-like event with up to $4 million in potential awards for cloud and AI flaws.

As part of the update to the program, the company is also offering workshops, access to Microsoft engineers, and ‘cutting-edge research and development tools’ to increase its investment into the growth and education of AI researchers.

Community collaboration

Microsoft's aim with this program is to cultivate a ‘community of skilled professionals who can contribute to the advancement of AI technology and uphold the highest standards of security and innovation.’

“Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000,” Microsoft confirmed in a statement.

“Expanding our bounty program to include Copilot reflects our ongoing commitment to security across Microsoft products and services, and we encourage researchers to help us identify and mitigate vulnerabilities.”

As cyberattacks become more prolific, software firms are keen to get ahead of the dangers by incentivizing researchers to pick apart their applications, especially the relatively young AI products and platforms.

Since Google started its vulnerability rewards program 15 years ago in 2010, the search engine giant has paid over $50 million in bounties, and over 15,000 vulnerabilities have been discovered - in fact, in 2023, over $10 million was paid to researchers, with one vulnerability earning the participant a staggering $113,337.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
