Microsoft announced an expansion to its Copilot bug bounty program to include more consumer products and provide researchers with higher incentives. The same as before, bug hunters can earn up to $30,000 for critical-severity vulnerabilities in multiple Copilot AI products and services, but the payouts for medium-severity flaws have been increased. Per the program’s rules, researchers can earn money by submitting reports of inference manipulation, model manipulation, inferential information disclosure, deserialization of untrusted data, code injection, authentication, SQL and command injection, server-side request forgery (SSRF), improper access control, and other types of security defects. Microsoft is encouraging security researchers, developers, and enthusiasts to participate in the program.

Read more: https://www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/