AMD Faces Backlash Over Bug Bounty Dispute After Critical Vulnerability

AMD has been criticized for not paying a $10,000 bug bounty to a researcher who discovered a critical security flaw affecting its processors. The vulnerability, identified as CVE-2026-1234, allows attackers to execute arbitrary code and has been present for 124 days before being patched. The researcher reported the issue in January 2026, but AMD's delay in addressing it has raised concerns about the company's commitment to security. The flaw impacts multiple AMD processor models, potentially affecting millions of users worldwide. The incident has sparked discussions about the ethics of bug bounty programs and the responsibilities of companies to their security researchers.

Key Points: • AMD failed to pay a $10,000 bug bounty for a critical vulnerability discovered by a researcher. • The vulnerability, CVE-2026-1234, allows for arbitrary code execution and was patched after 124 days. • The incident highlights ongoing issues in the relationship between companies and security researchers.