Microsoft will provide as much as $5 million bounty awards at this 12 months’s Zero Day Quest Hacking Contest. The corporate describes it as “the most important hacking occasion in historical past.”
Final 12 months’s Zero Day Quest additionally produced vital participation from the safety neighborhoodfollows Microsoft’s provide $4 million reward for vulnerabilities in cloud and AI merchandise and platforms. After the top of the November hacking competitors, Microsoft introduced it had paid $1.6 million for greater than 600 vulnerabilities submitted.
On this 12 months’s competitors, Redmond will enhance its prize pool to $5 million and give attention to addressing safety points in cloud computing and synthetic intelligence.
Between August 4th and October 4th, 2025, Microsoft accepts submissions as a part of a analysis query open to all safety researchers, and members are additionally eligible to extend their prize funds to report important vulnerabilities.
“We offer +50% prize multiplier for important severity vulnerabilities and stunning situations found throughout analysis agendas alongside new and present Microsoft Azure, Copilot, Dynamics 365 and Energy Platform, Identification, or M365 Bounty Applications to acknowledge and reward probably the most impactful analysis,” Microsoft stated. “If the submission qualifies for each normal multipliers and affect multipliers, the next worth applies.”
High Efficiency researchers will qualify for a dwell hacking occasion at Microsoft’s Redmond Campus in spring 2026. Invitation-only contests permit main safety researchers to work instantly with the Microsoft Safety Response Middle and the Microsoft Product crew.
The corporate can even assist members by coaching classes from AI RED groups, MSRC and dynamics groups protecting AI programs testing, bug prize applications and safety analysis methodologies.
The competition is a part of Microsoft’s Safe Future Initiative (SFI), a cybersecurity engineering initiative launched in November 2023, and following a report by the US Division of Homeland Safety Cyber Security Overview Board, it states that the corporate’s safety tradition is “insufficient and requires oversight.”
“As a part of the Safe Future Initiative (SFI), we transparently share important vulnerabilities by our CVE program, even when buyer actions will not be required,” Microsoft stated. “Studying from Zero Day Quest is shared throughout Microsoft and helps enhance cloud and AI safety in tuning with SFI core rules. It’s protected by default, design, and operation.”
On Friday, Microsoft additionally introduced that it had elevated its .NET bug bounty program by rising its rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.
Earlier this 12 months, the corporate additionally introduced a rise in prize cash awards of as much as $30,000 for energy platform and dynamics 365 AI vulnerabilities, and saying increased funds for reasonably radical Microsoft Copilot (AI) safety flaws. Moreover, a 100% award multiplier was launched to all Copilot Bounty Awards to encourage analysis in AI.
