Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security

The tech giant is upping the bounties attached to several popular systems.

November 19, 2024

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

(Jeenah Moon/Getty Images)

Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies.

Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated AI engineers and the AI Red Team, which specializes in probing AI systems for potential security flaws. The initiative is part of Microsoft’s broader Secure Future Initiative, launched to pre-emptively address security vulnerabilities across its extensive suite of products and services.

Microsoft will also be adding bonus bounty multipliers for valid, important or critical severity issues across Microsoft’s AI, Azure, Microsoft Identity, M365, Dynamics 365, and Power Platform for the length of the challenge.

Submissions can also qualify researchers for one of 45 spots in an onsite hacking event at Microsoft headquarters in Redmond, Wash., which will be held in 2025.

“Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers — bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe,” Tom Gallagher VP of engineering at the Microsoft Security Response Center, wrote in a blog entry posted Tuesday.

The company plans to share post-discovery insights through the Common Vulnerabilities and Exposures (CVE) program to allow the entire industry to learn from the identified security issues. The event reinforces Microsoft’s commitment to elevating security standards and creating deeper partnerships within the cybersecurity community, ensuring more robust defenses across its platforms in light of increasing threats and past security breaches involving its products.

“This event is not just about finding vulnerabilities; it’s about fostering new and deepening existing partnerships between the Microsoft Security Response Center, product teams, and external researchers — raising the security bar for all,” Gallagher wrote.

More details on the program can be found on Microsoft’s Security Response Center.