Microsoft 365 Copilot Bounty | MSRC (original) (raw)

PROGRAM DESCRIPTION

The Microsoft 365 Copilot bounty program invites security researchers participating in the Zero Day Quest Live Hacking Event to discover vulnerabilities in the new, innovative Microsoft 365 Copilot. Qualified submissions are eligible for bounty rewards from 250to250 to 250to30,000 USD.

This bounty program runs from February 17, 2026 to March 18, 2026 as part of the Zero Day Quest Live Hacking Event. Only researchers participating in the Zero Day Quest Live Hacking Event are eligible for the bounty awards in this program.

ELIGIBLE SUBMISSIONS

The goal of the Microsoft Bug Bounty program is to uncover significant technical vulnerabilities that have a direct and demonstrable impact on the security of our customers.

In addition to the eligibility requirements listed on the Bounty Program Guidelines page, vulnerability submissions must meet the following criteria to be eligible for bounty awards:

• Such vulnerability must be Critical or Important severity as defined by the Microsoft Vulnerability Severity Classification for AI Systems and the Microsoft Vulnerability Severity Classification for Online Services and reproducible on the latest, fully patched version of the product or service.

We request researchers include the following information to help us quickly assess their submission:

• Obtain the conversation ID of the chat you want to report by typing /id.
• Report the conversation to Microsoft by clicking the “thumbs down” button below the Copilot’s response. In the box titled “Submit feedback to Microsoft” enter “MSRC report” followed by the conversation ID.
• Submit a report through the MSRC Researcher Portal, and select “Copilot, AI+ML, and LLMs” in the “Product” section of the vulnerability submission.
• In the report, please include the conversation ID obtained above and provide a detailed description of the vulnerability, including details of how you would expect the system to behave.

Microsoft may accept or reject any submission at our sole discretion that we determine does not meet the above criteria.

SCOPE

Vulnerabilities submitted in the following Product(s) are eligible under this bounty program when tested using a work or school account:

• Microsoft 365 Copilot hosted on m365.cloud.microsoft
  • Researcher agent
  • Analyst agent
• Microsoft 365 Copilot integrated in Microsoft Edge (Windows)
• Microsoft 365 Copilot Application mobile applications: iOS and Android
• Microsoft 365 Copilot in Windows OS, via the Microsoft 365 Copilot Application
• Microsoft 365 Copilot in Excel
• Microsoft 365 Copilot in OneDrive
• Microsoft 365 Copilot in Outlook
• Microsoft 365 Copilot in PowerPoint
• Microsoft 365 Copilot in SharePoint
• Microsoft 365 Copilot in Teams
• Microsoft 365 Copilot in Word

Related Bounty Programs

Submission identifying vulnerabilities in Microsoft 365 applications will be considered under the Microsoft 365 Insider Preview Bounty Program and will not qualify for the Zero Day Quest Live Hacking Event leaderboard.

All submissions are reviewed for bounty eligibility, so don’t worry if you aren’t sure where your submission fits. We will route your report to the appropriate program.

GETTING STARTED

Please follow the guidance below to create a test personal account for security testing and probing. Please follow the Research Rules of Engagement to avoid harm to customer data, privacy, and service availability.

In all cases, where possible, please include the string “MSOBB” in your account name and/or tenant name to identify it as being used for security research.

• Access Microsoft 365 Copilot here and log in or register for a work or school account.
• Check out sessions from the AI Red Team, Microsoft Security Response Center, and more:
  • Learn to Red Team AI Systems Using PyRIT
  • Microsoft's Bug Bounty Program and AI Research
  • Security Research in Copilot Studio
  • Security Chats: High-Impact AI & Office Research
  • Zero Day Quest training: Optimizing MSRC AI vulnerability submissions

BOUNTY AWARDS

Bounty awards range from 250upto250 up to 250upto30,000. Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. Eligible submissions will be awarded the single highest qualifying award.

Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgement if their submission leads to a vulnerability fix.

OUT-OF-SCOPE SUBMISSIONS AND VULNERABILITIES

Microsoft is happy to receive and review every submission on a case-by-case basis, but some submission and vulnerability types may not qualify for bounty award.

If your submission is evaluated as out-of-scope for this individual bounty program, it may still qualify for an award under theStandard Award Policy.

Here are some of the common low-severity or out-of-scope issues that typically do not earn bounty awards:

• Publicly-disclosed vulnerabilities which have already been reported to Microsoft or are already known to the wider security community.
• Vulnerability patterns or categories for which Microsoft is actively investigating broad mitigations.
• AI prompt injection attacks that do not have a security impact on users other than the attacker.
• Model hallucination where model pretends to run arbitrary code provided to it.
• Attacks that aim to leak (part of) the system/meta prompt.
• Content-related issues that appear to be inaccurate, factually incorrect, or offensive.
  • Content-related issues can be reported to the MSRC Researcher Portal. In the Security Impact section, select “AI derived harm”.
• Vulnerabilities in a user-created agent that has an insecure design or implementation.
• Out of scope vulnerability types, including:
  • Vulnerabilities requiring physical access to hardware components
  • URL Redirects (unless combined with another vulnerability to produce a more severe vulnerability)
  • Cookie replay vulnerabilities
  • Sub-Domain Takeovers
  • Denial of Service issues
  • Low impact CSRF bugs (e.g. logoff)
  • Server-side information disclosure such as IPs, server names and most stack traces. Debug pages and reverse minified JS are also out of scope
• Vulnerabilities that are addressed via product documentation updates, without change to product code or functionality.
• Vulnerabilities based on user configuration or action, for example:
  • Vulnerabilities requiring extensive or unlikely user actions
  • Vulnerabilities in user-created content or applications
• Vulnerabilities based on third parties, for example:
  • Vulnerabilities in third party software provided by Azure, such as gallery images and ISV applications.
  • Vulnerabilities in platform technologies that are not unique to the online services in question (e.g. Apache or IIS vulnerabilities)
• Vulnerabilities in a web application that only affect unsupported browsers and plugins.
• Training, documentation, samples, and community forum sites related to Microsoft 365 Copilot products and services are not in scope for bounty awards.

Microsoft reserves the right to reject any submission that we determine, at our sole discretion, falls into any of these categories of vulnerabilities even if otherwise eligible for a bounty.

ADDITIONAL INFORMATION

For additional information, please see our FAQ.

REVISION HISTORY

• February 17, 2026: Program launched as part of the Zero Day Quest Live Hacking Event.
• March 4, 2026: Update Out of Scope Submissions and Vulnerabilities section.
• April 7, 2026: Updated Getting Started section.