Zero Day Quest 2025: $1.6 million awarded for vulnerability research 微软举办Zero Day Quest竞赛，邀请全球顶尖安全研究人员挑战Copilot和云安全场景，并提供高达4百万美元奖金。活动收到600多个漏洞提交，奖励160万美元，并开展培训和技术讨论。未来将每年举办并继续投资于与研究社区的合作。... 2025-4-21 07:0:0 | 阅读: 2 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security microsoft quest copilot awards

Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject) 微软举办首届自适应提示注入挑战赛 LLMail-Inject，旨在提升对间接提示注入攻击的防御能力。参赛者模拟攻击者通过邮件操控LLM执行未授权操作，使用多种防御措施和模型进行测试。比赛吸引了621名参与者和224支队伍，提交超37万次尝试。获胜团队分享策略并获表彰，比赛为AI安全教育提供实践机会，并宣布启动新挑战Re:LLMail-Inject。... 2025-3-14 07:0:0 | 阅读: 1 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com defenses llm prize injection competition

Jailbreaking is (mostly) simpler than you think 文章介绍了一种名为Context Compliance Attack（CCA）的简单越狱技术，通过在对话历史中注入虚假助手回应来诱导AI生成受限内容。该方法针对依赖客户端提供对话历史的AI系统有效，而保留服务器端对话状态的系统如Copilot和ChatGPT则不受影响。微软提供了开源工具PyRIT用于复现此攻击，并建议采用加密签名和服务器端历史管理等缓解措施。... 2025-3-13 07:0:0 | 阅读: 0 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com cca pyrit microsoft safeguards

Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation 微软宣布更新其Copilot（AI）漏洞赏金计划，整合在线服务漏洞分类标准、增加中等严重程度漏洞奖励，并扩大适用范围以涵盖更多Copilot产品和服务。... 2025-2-7 08:0:0 | 阅读: 1 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com copilot microsoft security commitment

Scaling Dynamic Application Security Testing (DAST) Table of Contents IntroductionWhy most enterprises have trouble... 2025-1-21 08:0:0 | 阅读: 2 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com dast security openapi microsoft

Congratulations to the Top MSRC 2024 Q4 Security Researchers! Congratulations to all the researchers recognized in this quarter’... 2025-1-15 08:0:0 | 阅读: 0 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security quarter assessed

Mitigating NTLM Relay Attacks by Default Introduction In February 2024, we released an update to Exchange S... 2024-12-9 16:0:0 | 阅读: 1 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com epa exchange windows relaying security

Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject) We are excited to introduce LLMail-I... 2024-12-6 16:0:0 | 阅读: 20 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com injection llm llmail inject attacker

Securing AI and Cloud with the Zero Day Quest Our security teams work around the clock to help protect every person and organization on the... 2024-11-19 16:0:0 | 阅读: 0 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security microsoft quest awards

Toward greater transparency: Publishing machine-readable CSAF files Welcome to the third installment in our series on transparency at the Microsoft Security Respo... 2024-11-12 16:0:0 | 阅读: 0 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft security csaf cvrf

Congratulations to the Top MSRC 2024 Q3 Security Researchers! Congratulations to all the researchers recognized in this quarter’s... 2024-10-23 15:0:0 | 阅读: 3 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security quarter assessed

Announcing the BlueHat 2024 Sessions 34 sessions from 54 presenters representing 20 organizations! We a... 2024-10-22 15:0:0 | 阅读: 2 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft security bluehat scaling cloud

Announcing BlueHat 2024: Call for Papers now open The 23rd edition of Microsoft’s Blue... 2024-8-7 15:0:0 | 阅读: 2 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security bluehat microsoft papers

Congratulations to the MSRC 2024 Most Valuable Security Researchers! The Microsoft Researcher Recognitio... 2024-8-6 15:0:0 | 阅读: 2 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com badges annual recognizes mvr

Microsoft Bounty Program Year in Review: $16.6M in Rewards We are excited to announce that this... 2024-8-5 15:0:0 | 阅读: 6 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft security awards guidelines

Introducing the MSRC Researcher Resource Center Microsoft partners with the global security researcher community to surface and report securit... 2024-7-31 15:0:0 | 阅读: 0 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security microsoft onboarding

Congratulations to the Top MSRC 2024 Q2 Security Researchers! Congratulations to all the researche... 2024-7-24 15:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com leaderboard security quarter assessed

Announcing the CVRF API 3.0 upgrade At the Microsoft Security Response Center, we are committed to continuously improving the secu... 2024-7-11 15:0:0 | 阅读: 10 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com security powershell cvrf staying

What’s new in the MSRC Report Abuse Portal and API The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing c... 2024-7-3 15:0:0 | 阅读: 4 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft threats publisher malicious fraudulent

Toward greater transparency: Unveiling Cloud Service CVEs Welcome to the second installment in our series on transparency at the Microsoft Security Resp... 2024-6-27 15:0:0 | 阅读: 1 | 收藏 | Microsoft Security Response Center - msrc.microsoft.com microsoft security cloud cves