Microsoft will now pay you even more to find security bugs in Copilot

News
By published

Copilot bug bounty program increases rewards

A woman at a table using a Windows laptop, opposite sits a man, neither show their face
(Image credit: Unsplash / Windows)
  • Microsoft's bug bounty is increasing its moderate flaw reward
  • Bug bounties allow firms and researchers to create a safer digital environment
  • Other firms like Google also run similar programs, so get hunting

Microsoft has announced it is ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward for identifying even moderate severity vulnerabilities to $5,000.

Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors - and Microsoft even runs its own Black-hat like event with up to $4 million in potential awards for cloud and AI flaws.

As part of the update to the program, the company is also offering workshops, access to Microsoft engineers, and ‘cutting-edge research and development tools’ to increase its investment into the growth and education of AI researchers.

Community collaboration

Microsoft's aim with this program is to cultivate a ‘community of skilled professionals who can contribute to the advancement of AI technology and uphold the highest standards of security and innovation.’

“Researchers who identify and report moderate severity vulnerabilities will now be eligible for bounty rewards up to $5,000” Microsoft confirmed in a statement.

“Expanding our bounty program to include Copilot reflects our ongoing commitment to security across Microsoft products and services, and we encourage researchers to help us identify and mitigate vulnerabilities.”

As cyberattacks become more prolific, software firms are keen to get ahead of the dangers by incentivizing researchers to pick apart their applications, especially the relatively young AI products and platforms.

Since Google started its vulnerability rewards program 15 years ago in 2010, the search engine giant has paid over $50 million in bounties, and over 15,000 vulnerabilities have been discovered - in fact, in 2023, over $10 million was paid to researchers, with one vulnerability earning the participant a staggering $113,337.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.