Microsoft has recently announced the expansion of its Copilot bug bounty program, aiming to enhance the security of its consumer products by offering increased incentives for security researchers. The company has raised the rewards for moderate-severity vulnerabilities, allowing researchers to now earn up to $5,000 for identifying such flaws. In addition, the program continues to provide up to $30,000 for critical-severity vulnerabilities in Copilot AI products and services, emphasizing the importance of discovering and reporting potential risks.
As part of the expansion, Microsoft has broadened the scope of eligible Copilot products to include platforms such as Copilot for Telegram, Copilot for WhatsApp, and other Copilot platforms. This change enables researchers to earn bounties for identifying various vulnerabilities, including inference manipulation, code injection, and improper access control, among others. The goal of this expansion is to strengthen the security of the Copilot ecosystem by providing researchers with more opportunities to contribute.
Furthermore, Microsoft has aligned the Copilot bug bounty program with its Online Services Bug Bar to standardize how vulnerabilities are evaluated across all of the company’s platforms. This alignment ensures that all flaws in Copilot products are assessed consistently, promoting fairness and transparency in the bounty process. By streamlining the evaluation process for researchers submitting reports, Microsoft aims to make it easier for security professionals to participate in the program.
Microsoft is actively encouraging security researchers, developers, and enthusiasts to take part in the expanded Copilot bug bounty program. By offering comprehensive incentives and increasing the number of eligible products, the company seeks to fortify its Copilot ecosystem against potential threats. More information and program rules can be found on the Copilot bounty program’s page, providing interested individuals with the necessary details to get involved and contribute to the security of Microsoft’s consumer products.
In conclusion, Microsoft’s expansion of the Copilot bug bounty program reflects the company’s commitment to enhancing the security of its consumer products. By offering increased incentives, broadening the scope of eligible products, and aligning the program with the Online Services Bug Bar, Microsoft is taking proactive steps to strengthen the Copilot ecosystem and protect it from potential risks. Security researchers and enthusiasts are encouraged to participate in the program and play a critical role in securing Microsoft’s products for users around the world.