Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards
Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security. This is the largest public hacking event ever, bringing together the top global security researchers for an opportunity to protect the world.
Zero Day Quest returns: Raising the bar for security
At Microsoft, we are constantly evolving our approach to security as the threat landscape never stands still. Every day, we work alongside the global security community to anticipate, identify, and address vulnerabilities before they can impact our customers and partners. We know security is a team sport and that is why we invest in programs that empower researchers to challenge our technologies and publicly share their discoveries in a responsible manner.
Building on that longstanding commitment to collaboration, we are excited to bring back Zero Day Quest in Spring 2026. This year’s event offers new opportunities for the security community to work hand in hand with Microsoft engineers and researchers. Together, we will share knowledge, learn from each other, and strengthen the security of the cloud and AI ecosystem.
How to participate in the Zero Day Quest
The journey starts now with the Zero Day Quest Research Challenge, open to all security researchers from August 4 to October 4, 2025. During this period, vulnerability submissions in targeted scenarios are eligible for multiplied bounty awards, rewarding those who help us uncover the most critical issues in Microsoft Azure, Copilot, Dynamics 365 and Power Platform, Identity, or M365.
Security researchers will also have the chance to qualify for the exclusive, invite-only Live Hacking Event at Microsoft’s Redmond campus in Spring 2026. This event will bring together the world’s leading security researchers — those who have demonstrated exceptional impact through their research — to collaborate directly with Microsoft product teams and the Microsoft Security Response Center (MSRC). It is not only a competition and a celebration of our valued research partnerships, but also a shared commitment to raising the bar for security across the industry.
To recognize and reward the most impactful research, we are offering a +50% bounty multiplier for Critical severity vulnerabilities and high-impact scenarios discovered during the Research Challenge that align with the new and existing Microsoft Azure, Copilot, Dynamics 365 and Power Platform, Identity, or M365 Bounty Programs. If your submission qualifies for both general and high-impact multipliers, the higher value applies.
Zero Day Quest training and community engagement
We are committed to supporting researchers at every step. Zero Day Quest participants can leverage training sessions from the AI Red Team, MSRC, and Dynamics teams, including:
Learn to Red Team AI Systems Using PyRIT
Microsoft’s Bug Bounty Program and AI Research
Security Research in Copilot Studio
Transparency and responsible disclosure
In alignment with our Coordinated Vulnerability Disclosure (CVD), researchers are encouraged to publicly discuss their findings once mitigated - with support from Microsoft through blogs, podcasts, and videos. As part of our Secure Future Initiative (SFI), we will transparently share critical vulnerabilities through the CVE program, even if no customer action is required. Learnings from the Zero Day Quest will be shared across Microsoft to help improve Cloud and AI security in alignment with SFI’s core principles: securing by default, by design, and in operations.
Ready to join the quest? Submit your findings, connect with the community, and help us shape the future of security: Microsoft Zero Day Quest.
Let’s raise the bar together.
Tom Gallagher
VP of Engineering, Microsoft Security Response Center (MSRC)