Efani<p>💰 Microsoft is offering up to $30,000 for AI vulnerabilities — and they’re not just talking bugs in code, but flaws in model behavior itself.</p><p>As part of its expanding bug bounty program, Microsoft is now rewarding security researchers who uncover critical AI vulnerabilities in its enterprise tools — including Dynamics 365, Power Platform, PowerApps, and Microsoft Copilot Studio.</p><p>Here’s what qualifies:<br>- Prompt Injection: Attacks where malicious prompts trigger unintended outputs <br>- Input Perturbation: Small input tweaks that trick models into making wrong predictions <br>- Model Poisoning: Manipulating model architecture or training data <br>- Inferential Disclosure: Exposing sensitive training data, model structure, or stealing the model itself </p><p>Top bounties (up to $30,000) are reserved for:<br>- Critical vulnerabilities that require no user interaction <br>- High-quality reports with reproduction steps <br>- Weaknesses that allow data exfiltration or privilege escalation</p><p>Researchers can test on free Microsoft trials and use official documentation to get started. Even if a submission doesn’t qualify for a cash reward, Microsoft says researchers will be recognized if their work improves AI security.</p><p>This new program is powered by Microsoft’s AI Vulnerability Severity Classification Framework — a structured approach to evaluating the security impact of prompt injection, data leakage, model evasion, and more.</p><p>As enterprise AI adoption accelerates, so do the risks. And Microsoft’s move is a clear sign: AI security is no longer experimental — it’s operational.</p><p>At Efani, we believe bug bounty programs like these are critical. In the age of AI, the attack surface isn’t just the software — it’s the behavior of the models themselves.</p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/MicrosoftAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftAI</span></a></p>
Recent searches
Search options
#bugbounty
24 posts17 participants1 post today
Domingos 4, 11, 18 y 25 de Mayo. 
De 9:00 am a 12:00 pm (UTC -05:00). 
Información (PDF): https://www.reydes.com/archivos/cursos/Curso_Forense_Redes.pdf
#cybersecurity #hacking #readteam #bugbounty #forensics #osint
Uncover a stealthy XSS vulnerability that can execute in any user's authenticated session, learn how an attacker could craft a sophisticated ACSRF attack, and discover valuable insights on application-wide exploitation #infosec #BugBounty #Cybersecurity
Medium · Escalating Impact: Full Account Takeover in Microsoft via XSS in Login Flow
Finalizamos la tercera sesión del Curso OSINT - Open Source Intelligence 2025. Información: https://www.reydes.com/e/Curso_de_OSINT Información (PDF): https://www.reydes.com/archivos/cursos/Curso_OSINT_Open_Source_Intelligence.pdf ¡Gracias a todos los participantes!
#cybersecurity #hacking #readteam #bugbounty #forensics #osint
Top Web Application PenTesting Tools by Category 
Hashtags:
#WebSecurity #PentestingTools #EthicalHacking #BugBounty #WebAppSecurity #RedTeam #OWASP #CyberSecurity
Disclaimer:
This content is for educational purposes only. Only use these tools in environments where you have proper authorization. Hacking without permission is illegal and unethical.
Domingos 4, 11, 18 y 25 de Mayo. De 9:00 am a 12:00 pm (UTC -05:00). #cybersecurity #hacking #readteam #bugbounty #forensics #osint Información: https://www.reydes.com/e/Curso_Forense_de_RedesSQL Injection (SQLi) 
– Everything You Need to Know
What is SQL Injection?
SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.
Types of SQLi:
1. In-band SQLi – Most common and easy to exploit.
2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.
3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).
4. Time-Based Blind SQLi – Server delay used to infer info from the database.
Attack Scenarios:
Common SQLi Targets:
Login formsSearch boxesURL parametersCookiesContact or feedback forms
How to Prevent SQLi:
Red Team Tip
Test all user input points, especially where data touches the database. Think beyond login forms—SQLi hides in unexpected places.
Hashtags:
#SQLInjection #CyberSecurity #EthicalHacking #InfoSec #WebSecurity #RedTeam #BugBounty #Pentesting
Disclaimer:
This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.
