Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty
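Microsoft has launched the Zero Day Quest 2026 competition, offering up to $5 million in rewards to encourage researchers to find vulnerabilities in cloud and AI systems. The event is split into a submission phase (August to October 2025) and a live competition (spring 2026), where participants can earn higher bounties and collaborate to improve security. Microsoft supports public sharing of findings and discloses critical vulnerabilities through CVE. 2025-8-5 17:51:17 Author: securityaffairs.com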

Microsoft offers up to $5M for Zero Day Quest 2026 bug hacking contest; top researchers join live hacking event after fall 2025 submissions.

Microsoft is bringing back its live hacking contest, Zero Day Quest, in spring 2026, and this time, it’s offering up to $5 million in rewards. The competition will spotlight researchers who uncover serious security flaws in cloud and AI systems. This is the second time the event is being held. In the first one, Microsoft gave out $1.6 million for finding major security flaws.

“This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security,” reads the announcement published by the tech giant. “This is the largest public hacking event ever, bringing together the top global security researchers for an opportunity to protect the world.”

Microsoft’s Zero Day Quest Live Hacking Event is happening now through April 3! This invite-only opportunity brings together top security researchers to help strengthen the security of Microsoft’s AI and cloud products.

As part of this event, we’re offering exclusive bounty… pic.twitter.com/Km9O8Zr1be

— Security Response (@msftsecresponse) March 5, 2025

From August 4 to October 4, 2025, security researchers can join Microsoft’s Zero Day Quest Research Challenge by submitting vulnerabilities in Azure, Copilot, Dynamics 365, Power Platform, Identity, or M365. Top findings may earn a +50% bounty bonus and a spot at the exclusive Live Hacking Event in spring 2026 at Microsoft’s Redmond campus, where leading experts will collaborate with Microsoft product teams and the Microsoft Security Response Center (MSRC) to advance security.

Microsoft encourages researchers to share their findings publicly after fixes, with support for blogs, podcasts, and videos. As part of its Secure Future Initiative (SFI), Microsoft will disclose critical vulnerabilities through the CVE program, even if no user action is needed. Insights from Zero Day Quest will be shared internally to strengthen cloud and AI security, following SFI’s principles.

“In alignment with our Coordinated Vulnerability Disclosure (CVD), researchers are encouraged to publicly discuss their findings once mitigated – with support from Microsoft through blogs, podcasts, and videos,” concludes the announcement.

Pierluigi Paganini

(SecurityAffairs – hacking, Zero Day Quest)




Article source: https://securityaffairs.com/180822/hacking/zero-day-quest-returns-microsoft-ups-the-stakes-with-5m-bug-bounty.html