Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products.
Power Platform includes applications designed to help companies analyze data and automate processes, while Dynamics 365 is a set of business apps that connect customers, products, people, and operations.
Eligible AI vulnerability types include inference manipulation, model manipulation, and inferential information disclosure of critical or important severity.
“We invite individuals or organizations to identify security vulnerabilities in targeted Dynamics 365 and Power Platform applications and share them with our team. Qualified submissions are eligible for bounty rewards of $500 to $30,000 USD,” the company says.
“To be eligible for AI Bounty Awards, such vulnerability must be Critical or Important severity as defined in the Microsoft Vulnerability Severity Classification for AI Systems and reproducible on a product or service listed in the In Scope Services and Products.”
While AI bounty awards range from $6,000 up to $30,000, higher payouts are also possible based on the impact and severity of the reported vulnerabilities and the quality of the submission.
During last year’s Ignite annual conference, Microsoft also expanded its bug bounty program by launching the Zero Day Quest, a hacking event focused on cloud and AI products and platforms. As announced on Monday, the company paid over $1.6 million to researchers who reported more than 600 vulnerabilities.
“We’re excited to share that we received more than 600 vulnerability submissions and awarded more than $1.6 million during the qualifying research challenge and live event,” said Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC).
“Nearly 100 researchers also participated in our training sessions, which included AI bug hunting with our AI Red Team, SSRF training with our engineering team, and tips and advice from the bounty team.”
Earlier this year, Redmond announced increased payouts for moderate severity Microsoft Copilot (AI) vulnerabilities and a 100% award multiplier for all Copilot bounty awards to incentivize AI research.