Microsoft will now reward researchers for identifying critical vulnerabilities in any of its online services, regardless of the code's origin. This change aims to enhance security by incentivizing the discovery of flaws in both Microsoft's own and third-party components that impact its services.

Microsoft awarded $17 million to 344 security researchers in the past year through its bug bounty programs, marking the highest annual payout since the programs began in 2018. The total amount distributed across all years now reaches $92.5 million, with ongoing updates to enhance program coverage and align with emerging security challenges.

Microsoft has increased bug bounty payouts to $30,000 for identifying AI vulnerabilities in its Dynamics 365 and Power Platform services. Eligible vulnerabilities include critical types such as inference manipulation and model manipulation, with higher rewards available based on severity and submission quality. The company previously reported over $1.6 million in payouts to researchers during a recent event focused on cloud and AI products.