This evening, we kicked off BlueHat with a welcome reception, bringing together our speakers, MSRC MVRs, Microsoft leadership, and the MSRC team. A huge thank you to everyone who joined us and contributed to setting the stage for a successful #BlueHat!
Microsoft Security Response Center
Computer and Network Security
Protecting customers and Microsoft from current and emerging threats related to security and privacy.
About us
The Microsoft Security Response Center (MSRC) is dedicated to safeguarding customers and Microsoft from security threats. With over two decades of experience, we focus on prevention, rapid defense, and community trust. Together, we’ll continue to protect our users and the broader ecosystem.
- Website
- https://www.microsoft.com/en-us/msrc
- Industry
- Computer and Network Security
- Company size
- 10,001+ employees
- Specialties
- Cybersecurity, Security response, Incident response, Bug bounty, Security research, and BlueHat
Updates
- Join Nic Fillingham and Wendy Zenone on The BlueHat Podcast as they chat with Johann Rehberger, Red Team director at EA. Johann shares his career journey from Microsoft to Uber and EA, and dives into his expertise in red teaming and cybersecurity. He also discusses his BlueHat 2024 talk on prompt injection vulnerabilities, the importance of stricter default settings for AI tools, and why developers should implement stronger filters for token emissions. Plus, he emphasizes the need to read technical documentation to understand AI systems. Tune in now: https://lnkd.in/gPytnURY #BlueHat
- To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise and unauthorized access more difficult. Learn more about these security improvements and how they can help protect your systems in our blog post: https://lnkd.in/eHBVcWxS
- Security updates for December 2024 are now available. Details are available here: https://msft.it/60119yPTS #PatchTuesday #SecurityUpdateGuide
- We’re excited to announce LLMail-Inject: The Adaptive Prompt Injection Challenge! This challenge will test your skills at bypassing LLM-based systems in a simulated environment and features 40 levels of varying difficulty, where you will craft emails to persuade an LLM agent to perform specific actions. No GPUs or LLM API credits needed—just sign up with your GitHub account and form a team. The top 4 teams will share a prize pool of $10,000 USD. Ready to take part in the challenge? Check out our blog post to learn how to get started: https://lnkd.in/gK4VDv8i
- On a recent episode of The BlueHat Podcast, James Hull, Security Program Manager at MSRC, shared insights into his role in reviewing vulnerability reports and managing cases. He breaks down the submission process, the types of reports MSRC accepts, and what happens after a researcher submits a potential vulnerability. The discussion also highlights how accessible the portal is for anyone interested in identifying security issues, whether you're a professional or a hobbyist. Jim emphasizes the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports. Tune in now: https://lnkd.in/gjfYb4my #BlueHat
- Are you a security researcher interested in AI bounty submissions? Join us to learn more about Microsoft's Bug Bounty Program and how to qualify for the Zero Day Quest. In this session, hosted by Lynn Miyashita and Andrew Paverd, we'll discuss Microsoft's approach to bug bounties and deep dive into the new vulnerability categories for AI security research. Don't miss out! Join us on December 17th at 9:30 AM PT for a virtual training session. Register now: https://lnkd.in/g6kaXZfY #ZeroDayQuest
- In today's "Learn to Red Team AI Systems using PyRIT" training, Richard Lundeen, Martin Pouliot, and Ram Shankar Siva Kumar welcomed hundreds of attendees to discuss using PyRIT to find high-quality bugs in generative AI systems. If you missed the live session, you can watch the recording here: https://lnkd.in/gUSaN5fu Check out the attached deck for more insights. Here are some additional resources to support your AI security research:
  - PyRIT: https://lnkd.in/d_8yN3bT
  - AI Bounty: https://aka.ms/aibounty
  - Microsoft Bounty Program: https://aka.ms/bounty
  - Submit a report to the MSRC: https://aka.ms/secure-at
  - MSRC Researcher Resource Center: https://lnkd.in/gzAsNN5K

  Additional Resources:
  - Bug Bar Resources: https://lnkd.in/g56uDbqz https://lnkd.in/gjyuSUY3 https://aka.ms/aibugbar
  - Additional OSS Tools: https://lnkd.in/dCjxbiEW https://lnkd.in/gBb7iiQb
- Want to get a leg up on qualifying for the largest hacking event in history? Join our training session on December 2nd for expert tips on finding and submitting AI bugs with Richard Lundeen, Ram Shankar Siva Kumar, and Martin Pouliot. Learn to use PyRIT to find bugs in generative AI systems and gain insights from industry best practices. Join us on Dec 2 at 9:30 am PST. Register now: https://lnkd.in/gCNTNyGF #ZeroDayQuest
- Our AI Red Team training is just one week away. Don't miss out! Learn to use PyRIT to find bugs in generative AI systems and get insights from industry best practices. Join us on Dec 2 at 9:30 am PST. Register now: https://lnkd.in/gCNTNyGF #ZeroDayQuest
To support AI bounty submissions, we are offering security researchers an opportunity to expand their bug-finding skills for AI systems. Microsoft’s AI Red Team has developed PyRIT, an open-source red team automation framework that complements manual testing efforts. During the session, you will learn how to effectively use PyRIT to identify failures and bugs in generative AI systems. This includes setting up targets, leveraging datasets, exploring various attack strategies, and utilizing the memory functionality. The session will provide insights from industry best practices and may help with qualification for the onsite Zero Day Hacking Event. Join us for the training on December 2, 2024, at 9:30 am PST. Please register at: https://msft.it/6048WQCke.