Microsoft faces backlash from the cybersecurity community following its threat of criminal prosecution against a researcher known as Nightmare-Eclipse, who disclosed several zero-day exploits. The threat came after the researcher published multiple exploits, including exploits for vulnerabilities in Windows Defender.
Microsoft's Security Response Center labeled the disclosures as irresponsible, but the response drew criticism from infosec professionals, who argued that issuing threats against researchers could hinder vulnerability reporting and risk greater security issues. Notably, experts like Katie Moussouris and Casey John Ellis condemned Microsoft's approach, leading the company to eventually clarify that it does not intend to pursue legal action against individuals conducting security research. The incident also raises concerns about the growing complexities in vulnerability reporting, exacerbated by AI-generated reports.