Microsoft Says Publishing Proof-Of-Concept Code Is 'Criminal Activity.' Microsoft Owns GitHub. GitHub Is The World's Largest Distributor Of Proof-Of-Concept Code. Read That Sentence Three Times.

  • Writer: Patrick Duggan

The Microsoft Security Response Center published a blog post on May 27, 2026 titled "A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure." The post complains that several zero-day vulnerabilities — RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma — were disclosed publicly without prior coordination with Microsoft. The post then makes a claim that needs to be quoted verbatim, because the framing is the story:



"Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilities into the hands of bad actors are never justifiable and have real-world consequences. Our security teams across the company work tirelessly tracking threat actors who look for weaknesses just like these to attack Microsoft and our customers. Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity — coordinating as needed with law enforcement around the world."


Read that twice. Microsoft is asserting that publishing proof-of-concept exploit code for unpatched vulnerabilities is criminal activity, and that Microsoft's Digital Crimes Unit will bring cases against the researchers who do it.


Hold that statement next to a second fact. Microsoft owns GitHub. GitHub hosts more proof-of-concept exploit code than any other platform on the public internet. Every security researcher's PoC repository, every CVE exploit collection, every red-team toolkit, every offensive-security course's lab materials — all sit on Microsoft-owned infrastructure that Microsoft has not banned, removed, or coordinated against. The world's largest distributor of unpatched-vulnerability proof-of-concept code is the same company that just announced it will bring criminal cases against researchers who distribute unpatched-vulnerability proof-of-concept code.


This is not a subtle inconsistency. This is a load-bearing structural recursion that Microsoft's own May 27 blog post does not address.



Kevin Beaumont named the recursion first


Former Microsoft employee Kevin Beaumont wrote about this at DoublePulsar the same week, and the line that matters is also worth quoting verbatim:



"Hang on… proof of concept exploit creation and distribution for zero days is 'criminal activity' now? Who in CELA signed off that wording? Microsoft are the biggest distributor of zero days, via Github. Not following made up 'responsible disclosure' processes is not illegal."


CELA is Microsoft's legal department. Beaumont's question is the right question. The MSRC post's wording does not survive thirty seconds of legal scrutiny by a person who knows how disclosure works in practice. The phrase "those that enable their criminal activity" is doing the most dangerous work in the entire post — it gestures at a broad category of researchers, journalists, blog publishers, GitHub-issue-commenters, Reddit moderators, conference organizers, anyone who has ever shared a link to a PoC repository. The expansive framing is either deliberately chilling or sloppily drafted. Neither reading is good for Microsoft.


Beaumont's broader observation lands harder than the legal angle:



"In an age where every vendor is selling magic beans AI boxes that can 'discover every vulnerability', it is unsurprisingly real humans who are finding impactful vulnerabilities still."


This is the core. The researcher Microsoft is mad at — going by the handle Nightmare Eclipse, posting in a style that reads like a former Microsoft employee — has been finding and publishing impactful vulnerabilities including, per Beaumont's writeup, a working BitLocker bypass for default Windows deployments that remains unpatched at the time of the MSRC blog. A real human is still the part of the supply chain producing the vulnerability findings that the magic-beans-AI-boxes do not. Microsoft's blog post about magic-beans-AI-boxes-protecting-customers is published in the same week that a real human's GitHub and GitLab accounts have been banned for publishing the vulnerabilities the magic-beans-AI-boxes did not catch.



The recursive procedural disappointment


The reporting from Lorenzo Franceschi-Bicchierai at TechCrunch fills in the disclosure-process detail that turns the recursion into a closed loop. Per the TechCrunch piece, Nightmare Eclipse:


  • Contacted Microsoft through MSRC, the Microsoft Security Response Center portal

  • Allegedly had their MSRC portal account access revoked by Microsoft

  • Then published the vulnerabilities on GitHub (Microsoft-owned) and GitLab

  • Then had their GitHub and GitLab accounts banned

This is the loop in its most direct form:


  1. Microsoft offers researchers a portal for responsible disclosure.

  2. A researcher uses the portal to report vulnerabilities.

  3. Microsoft revokes the researcher's portal access.

  4. The researcher publishes the vulnerabilities elsewhere, because they no longer have the portal access Microsoft revoked.

  5. Microsoft, owner of the elsewhere, bans the researcher from the elsewhere.

  6. Microsoft publishes a blog post complaining about the researchers who didn't use the portal they were banned from, and threatens criminal cases against them and against anyone who enables them.

  7. Microsoft's blog post is hosted on Microsoft infrastructure.

The loop is structurally complete. Each step is taken by a unit of Microsoft against a researcher Microsoft has, by Microsoft's own admission, removed from Microsoft's own coordinated-disclosure pipeline. The complaint is about the absence of coordination. The coordination's absence is Microsoft's choice.


Beaumont closes the analysis with the question that should be the response from every other vendor watching this play out:



"If you ban people from reporting on your responsible disclosure portal, how do you expect them to report future discoveries responsibly?"


There is no answer in the MSRC blog post. There is no answer in any Microsoft communication subsequent to the post. The question is structurally unanswerable because the loop is structurally complete.



The defender-credibility cost


This is not a niche internal-disclosure-process argument. The MSRC post and the cascade of consequences shape how the entire defender community reads Microsoft going forward. Three concrete consequences worth naming.


First, every future Microsoft Patch Tuesday will be received against the backdrop of this blog post. Researchers who used to report quietly through MSRC are now going to weigh the portal-access-revocation risk against the public-disclosure-then-account-ban risk. Both outcomes are worse for the customer ecosystem than the historical model where MSRC was a credible coordination surface. The patches will be slower because the inbound report rate will drop. The customers will be less protected because the silence-rate will be higher.


Second, the legal framing in the MSRC post — "Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity" — has chilling-effect dynamics that extend well beyond Nightmare Eclipse. Every security researcher in the world who publishes PoC code now has to read that sentence and decide whether their work counts as criminal activity Microsoft will pursue. Researchers from outside the US who lack US-tier legal protection will read it with more weight than US researchers. Defender talent migration away from Microsoft-product-focused research will continue.


Third, the recursive-platform-ownership angle — Microsoft suspending researchers from Microsoft-owned GitHub for publishing Microsoft-product vulnerabilities — sets a precedent that other platform owners can copy. Google could ban researchers from Google-owned platforms for publishing Google-product vulnerabilities. Amazon could ban researchers from Amazon-owned platforms for publishing AWS vulnerabilities. The precedent makes the entire platform-tier-disclosure ecosystem more fragile, not less. The vendor with the largest platform-ownership footprint sets the floor for the entire industry. Microsoft has the largest platform-ownership footprint.



Where we sit on this


DugganUSA is in the public-attribution business. We file adversary records, publish IOCs, ship daily threat-intelligence blog posts, send contributions to MITRE ATT&CK (we sent one tonight, before this MSRC story crossed our feed), and operate a STIX feed that downstream defenders consume. We are precisely the population the MSRC blog's "those that enable their criminal activity" framing gestures at, depending on how broadly Microsoft chooses to read it.


The same evening this post is published, a named operator we attributed in a different blog post yesterday found Patrick personally to yell at him. The threat-of-consequence-from-named-party is the cost of public-attribution work, and we accept it as part of the posture. What is different about the MSRC framing is that the threat-of-consequence is not coming from the named adversary — it is coming from the platform vendor that the attribution work depends on. That is a different category of structural risk.


The defender posture that follows is the same posture we have been writing all month under the informed-acceleration and asymmetry-take-the-fight frames. The receipts compound. The archive persists. The cross-corpus correlation runs on a $384/month stack against threat-intel that includes some Microsoft-product-named campaigns and will continue to include them regardless of the MSRC blog's framing.


And there is a sharper version of where we sit. By writing this post — by naming the six vulnerabilities Microsoft is angry about (RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, MiniPlasma), by quoting the MSRC blog verbatim, by linking to Beaumont's DoublePulsar analysis and Franceschi-Bicchierai's TechCrunch reporting, by treating Nightmare Eclipse's disclosure as a legitimate subject of public defender-tier discussion — we are not adjacent to the blast radius of the MSRC post's "those that enable their criminal activity" framing. We are inside it the moment this post is published. Reporting on the policy is itself the act the policy gestures at as enabling. The recursion that swallowed Nightmare Eclipse's GitHub account also swallows every researcher and writer who treats Nightmare Eclipse's findings as worth discussing in public.


We publish anyway, because the alternative is letting a vendor-tier framing chill independent threat-intelligence reporting. That is the entire moat of the public-attribution business [[feedback-asymmetry-take-the-fight]]. If a platform vendor's blog post is sufficient to redirect what independent researchers can publish, the platform vendor controls the defender-credibility surface, and the customers Microsoft says it is protecting end up protected from the truth as well as from the threats. The chilling effect is the harm. The post is the response to the chilling effect.


The MSRC post and the Nightmare Eclipse account bans do not change our publication cadence. They do change what every defender in the industry is going to remember when the next Microsoft Patch Tuesday lands. The credibility cost is the cost. The customers Microsoft says it is protecting are the customers Microsoft's blog post made marginally less safe by reducing the coordination-surface size for the next round of vulnerability findings.


Read Beaumont's full writeup at DoublePulsar. Read Franceschi-Bicchierai's piece at TechCrunch. Read the MSRC blog post in its own words. The story is the recursion. The recursion is the receipt. The lock holds the key that opens it.

