Microsoft announced the launch of Zero Day Quest, a major expansion of its bug bounty programs, which focuses on uncovering high-impact vulnerabilities in cloud and artificial intelligence technologies.
Under the program, Microsoft will double bounty rewards for eligible AI vulnerabilities from November 19, 2024, to January 19, 2025, and give researchers direct access to the company's dedicated AI engineers and the AI Red Team, which specializes in investigating AI. Potential security flaws systems. This initiative is part of Microsoft's broader Secure Future initiative, which was launched to proactively address security vulnerabilities across its broad range of products and services.
Microsoft will also add additional reward multipliers for valid, important, or critical critical issues across Microsoft AI, Azure, Microsoft Identity, M365, Dynamics 365, and Power Platform for the duration of the challenge.
Entries can also qualify researchers for one of 45 spots at an on-site hackathon event at Microsoft's headquarters in Redmond, Washington, which will be held in 2025.
“Zero Day Quest will provide new opportunities for the security community to work alongside Microsoft engineers and security researchers — bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe,” Tom Gallagher, vice president of engineering at the Security Response Center, wrote for Microsoft, in a blog post published on Tuesday.
The company plans to share post-discovery insights through its Common Vulnerabilities and Exposures (CVE) program to allow the entire industry to learn from identified security issues. This event reinforces Microsoft's commitment to raising security standards and creating deeper partnerships within the cybersecurity community, ensuring stronger defenses across its platforms in light of increasing threats and previous security breaches involving its products.
“This event is not just about finding vulnerabilities; “It's about fostering new partnerships and deepening existing partnerships between Microsoft's Security Response Center, product teams, and external researchers — raising the bar on security for everyone,” Gallagher wrote.
More details about the program can be found at the Microsoft Security Response Center.
