Vulnerability Management, Bug Bounties

Microsoft awards $2.3 million in Zero Day Quest hacking contest

Microsoft has awarded $2.3 million to security researchers who submitted nearly 700 findings during its recent Zero Day Quest hacking contest. The event, held at Microsoft's Redmond campus, focused on identifying high-impact cloud and AI security vulnerabilities. Over 80 flaws were discovered during the live hacking event, Bleeping Computer reports.

The Zero Day Quest saw participation from researchers across more than 20 countries. Working within authorized environments and without compromising customer data, they identified critical vulnerabilities such as credential exposure, server-side request forgery (SSRF) chains, and cross-tenant access. This year's event follows previous contests, including one in 2025 where $1.6 million was awarded for over 600 submissions. Microsoft's bug bounty program also paid a record $17 million to 344 researchers between July 2024 and June 2025.

The Zero Day Quest is a key component of Microsoft's Secure Future Initiative (SFI), launched after a critical review of the company's security practices. This initiative emphasizes transparency in sharing vulnerabilities and improving cloud and AI security by design and in operations. The program's expansion to include flaws in third-party code within Microsoft services highlights a broader industry trend towards shared responsibility in cybersecurity and increased scrutiny of vendor security.

Source: Bleeping Computer
