Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program.

Between July 2024 and June 2025, the researchers submitted a total of 1,469 eligible vulnerability reports, with the highest individual bounty reaching $200,000.

These reports helped resolve more than 1,000 potential security vulnerabilities across various Microsoft products and platforms, including Azure, Microsoft 365, Dynamics 365, Power Platform, Windows, Edge, and Xbox.

"By incentivizing independent researchers to identify vulnerabilities in high-impact areas, including the rapidly evolving field of AI, we're able to stay ahead of emerging threats," Microsoft stated in its annual bounty program review.

"Through Coordinated Vulnerability Disclosure, these

See Full Page