Microsoft is paying out some huge rewards for spotting AI security issues

News
By published

Bug bounties can earn you up to $30,000, and possibly more

A building at the Microsoft Headquarters campus in Redmond, Washington (2014).
(Image credit: Stephen Brashear/Getty Images)
  • Microsoft has upped the ante in its bug bounty program
  • Payouts can now be as high as $30,000
  • In some cases, the payout can even be higher

Microsoft is revealed it is now prepared to pay up to $30,000 in bounty to people who discover AI vulnerabilities in its Dynamics 365 and Power Platinum.

The company recently updated its bounty program with the new information.

"We invite individuals or organizations to identify security vulnerabilities in targeted Dynamics 365 and Power Platform applications and share them with our team. Qualified submissions are eligible for bounty rewards of $500 to $30,000 USD," the company said.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)

View Deal

Second increase

Microsoft is willing to shell out for inference manipulation flaws, model manipulation, and inferential information disclosure. The vulnerabilities need to be either important or critical in their severity.

"To be eligible for AI Bounty Awards, such vulnerability must be Critical or Important severity as defined in the Microsoft Vulnerability Severity Classification for AI Systems and reproducible on a product or service listed in the In Scope Services and Products."

Dynamics 365 is a cloud-based suite of integrated business applications that combines CRM and ERP capabilities, while Power Platform is a low-code development suite that enables users to analyze data, build apps, automate workflows, and create chatbots using Power BI, Power Apps, Power Automate, and Power Virtual Agents.

If $30,000 doesn’t seem like a lot of money for such vulnerabilities, it’s perhaps worth mentioning that Microsoft is also willing to pay more, depending on the impact and the severity of the reported vulnerabilities, as well as the quality of the submission.

This is the second time in 2025 Microsoft has been increasing bounty rewards.

In mid-February 2025, the company announced it was ‘enhancing security and incentivizing innovation’ by updating its Copilot (AI) bug bounty program and raising the reward to $5,000.

Bug bounties are used by software firms in collaboration with security researchers to root out vulnerabilities that could otherwise be exploited by threat actors - and Microsoft even runs its own Black-hat like event with up to $4 million in potential awards for cloud and AI flaws.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.