Feels like a really, really dumb decision. Has Microsoft forgotten the reason CVEs and bug bounties exist is to bring them to the light of day and prevent them being packaged and sold on the darkweb for abuse?

Or maybe AI tools are just helping researchers identify such a wealth of MS bugs that Microsoft is overwhelmed with notifications and pushing back by aggressively closing them?

Either way - this is a bad choice and will come back to bite them.