AMD Addresses Critical Security Flaw But Declines Reward for Researcher
AMD recently resolved a serious security vulnerability found within its software update system that could have exposed users to remote code execution and man-in-the-middle attacks. The flaw was identified by an independent cybersecurity researcher earlier this year, with the initial discovery reported in February.
The vulnerability affected the update mechanism employed by AMD, potentially allowing attackers to intercept communications or execute malicious code remotely. Upon being informed, AMD collaborated with the researcher to address the issue.
Delay in Reward and Resolution Timeline
While AMD successfully patched the flaw, the resolution process took a total of 124 days from the initial report to the deployment of the fix. Despite the researcher’s cooperation and timely disclosure, the company declined to issue the $10,000 reward that had initially been discussed as part of the bug bounty or vulnerability disclosure program.
The decision to withhold the bounty has sparked discussion within security communities about the transparency and incentives provided by corporations when external experts assist in safeguarding their products. The researcher played a key role in highlighting a critical exposure, yet was denied financial recognition for these contributions.
This incident underscores ongoing challenges in the relationship between large technology firms and independent security researchers. While collaboration remains necessary for prompt identification and mitigation of security risks, disputes over compensation can undermine trust and hinder future cooperation.
AMD has not publicly elaborated on the rationale behind its decision to refuse the reward. Meanwhile, the patch aims to protect millions of AMD users from potential exploitation via its update infrastructure, reinforcing the importance of vigilance in supply-chain security and software maintenance.
As cybersecurity threats continue to evolve, the industry is increasingly reliant on ethical hackers and researchers to uncover vulnerabilities. Establishing fair frameworks for acknowledgment and rewards is vital to encourage ongoing contributions toward a safer digital ecosystem.
AMD patched a significant vulnerability in its software updates but refused a $10,000 reward to the researcher who reported it.