
Microsoft has announced significant expansions to its Copilot AI bug bounty program, introducing higher payouts and broader coverage for its AI-powered services. The program now encompasses additional consumer products, including Copilot integrations for Telegram and WhatsApp, along with copilot.microsoft.com and copilot.ai platforms.
In a notable update, Microsoft has increased rewards for moderate-severity vulnerabilities to as much as $5,000, strengthening its commitment to security across the Copilot ecosystem. The program continues to cover Copilot Pro AI experiences in Microsoft Edge, mobile applications, Windows OS, and Bing’s generative search capabilities.
The reward structure ranges from $250 for low-severity issues such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), up to $30,000 for critical vulnerabilities involving inference manipulation. This expansion follows recent updates to the Microsoft 365 Bounty Program, which now includes Viva products with rewards up to $27,000.
As part of its Secure Future Initiative (SFI), launched in response to criticism from the U.S. Department of Homeland Security’s Cyber Safety Review Board, Microsoft also introduced the Zero Day Quest program with $4 million in rewards, focusing on cloud and AI security improvements.
These enhancements demonstrate Microsoft’s increased focus on strengthening its cybersecurity posture across its AI-powered products and services while engaging the security research community in identifying potential vulnerabilities.