Microsoft is paying out some huge rewards for spotting AI security issues
- Microsoft has upped the ante in its bug bounty program
- Payouts can now be as high as $30,000
- In some cases, the payout can even be higher
Microsoft is revealed it is now prepared to pay up to $30,000 in bounty to people who discover AI vulnerabilities in its Dynamics 365 and Power Platinum.
The company recently updated its bounty program with the new information.
“We invite individuals or organizations to identify security vulnerabilities in targeted Dynamics 365 and Power Platform applications and share them with our team. Qualified submissions are eligible for bounty rewards of $500 to $30,000 USD,” the company said.
Second increase
Microsoft is willing to shell out for inference manipulation flaws, model manipulation, and inferential information disclosure. The vulnerabilities need to be either important or critical in their severity.
“To be eligible for AI Bounty Awards, such vulnerability must be Critical or Important severity as defined in the Microsoft Vulnerability Severity Classification for AI Systems and reproducible on a product or service listed in the In Scope Services and Products.”
Dynamics 365 is a cloud-based suite of integrated business applications that combines CRM and ERP capabilities, while Power Platform is a low-code development suite that enables users to analyze data, build apps, automate workflows, and create chatbots using Power BI, Power Apps, Power Automate, and Power Virtual Agents.
If $30,000 doesn’t seem like a lot of money for such vulnerabilities, it’s perhaps worth mentioning that Microsoft is also willing to pay more, depending on the impact and the severity of the reported vulnerabilities, as well as the quality of the submission.
This is the second time in 2025 Microsoft has been increasing bounty rewards.
In mid-February 2025, the company announced it was ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward to $5,000.
Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors – and Microsoft even runs its own Black-hat like event with up to $4 million in potential awards for cloud and AI flaws.
Via BleepingComputer