Microsoft is launching Zero Day Quest, a new in-person hacking event that aims to be the largest of its kind. Building on the company’s existing bug bounty program, the initiative is designed to encourage research into critical security vulnerabilities impacting the software behind cloud and artificial intelligence (AI) workloads.
Tom Gallagher, Microsoft’s Vice President of Engineering at the Security Response Center, describes the event as a milestone in the field of cybersecurity. “This new hacking event will be the largest of its kind, with an additional $4 million in potential awards for research into high-impact areas, specifically cloud and AI,” Gallagher explains. He emphasizes that Zero Day Quest will foster collaboration between Microsoft engineers and external security researchers, offering a platform for sharing insights and building a stronger security community. “Bringing together the best minds in security to share, learn, and build community is critical as we work to keep everyone safe,” Gallagher adds.
The event officially begins today, with Microsoft now accepting submissions for security research eligible for bounty awards. Participants whose submissions meet the criteria will have the opportunity to attend the in-person hacking event, scheduled to take place at Microsoft’s headquarters in Redmond, Washington, in 2025.
Doubling Down on AI Security Incentives
To further enhance its focus on artificial intelligence security, Microsoft is doubling the rewards it offers for AI-related bug bounties. In addition to these increased incentives, the company will grant researchers direct access to its AI engineers and the AI Red Team—a specialized group dedicated to testing Microsoft’s AI systems for potential vulnerabilities and failures. This unique opportunity aims to bridge the gap between external researchers and internal experts, ensuring a comprehensive approach to identifying and addressing security flaws in AI systems.
Transparency remains a key component of this initiative. According to Vasu Jakkal, Microsoft’s Corporate Vice President of Security, the company plans to share details of the discovered vulnerabilities once they are resolved. “As part of our ongoing commitment to transparency, we will share the details of the bugs once they are fixed so the whole industry can learn from them — after all, security is a team sport,” Jakkal explains. Critical vulnerabilities will also be reported through the Common Vulnerabilities and Exposures (CVE) program. Moreover, Microsoft will disseminate insights across its ecosystem to enhance the security of its cloud and AI products.
A Broader Security Transformation
The launch of Zero Day Quest aligns with Microsoft’s broader efforts to overhaul its security practices. Earlier this year, the company declared security its top priority for all employees, signaling a significant shift in its organizational approach. This transformation comes in response to persistent security challenges and criticism, including a recent report from the U.S. Cyber Safety Review Board that scrutinized the company’s security framework.
In addition to the hacking event, Microsoft is introducing Security Exposure Management, a tool designed to help organizations proactively identify potential attack vectors. The tool provides defenders with a graph-based view of critical security elements, such as login credentials and permissions, allowing businesses to better understand and address vulnerabilities in their systems.
Strengthening Collaboration in Cybersecurity
Microsoft’s initiatives reflect a growing recognition that cybersecurity is a collective effort requiring collaboration across industries. By incentivizing cutting-edge research, fostering partnerships between internal and external experts, and promoting transparency, Microsoft aims to set new standards in securing cloud and AI technologies. The company’s commitment to sharing its findings through the CVE program and other channels underscores the importance of collective learning in addressing complex security challenges.
As cyber threats continue to evolve, events like Zero Day Quest are likely to play a pivotal role in shaping the future of cybersecurity. By bringing together top talent, offering substantial incentives, and prioritizing transparency, Microsoft seeks to fortify its defenses and contribute to a safer digital ecosystem for all.