Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in critical areas such as cloud computing and AI.
Event focus
The event invites security researchers to discover and report high-impact vulnerabilities in Microsoft AI and Cloud Bounty Programs: AI, Microsoft Azure, Microsoft Identity, M365, Microsoft Dynamics 365, and Power Platform.
“To advance AI security, we will offer double AI bounty awards. We will also offer researchers direct access to the Microsoft AI engineers focused on developing secure AI solutions, and our AI Red Team. This opportunity will allow participants to enhance their skills with cutting-edge tools and techniques and work with Microsoft to raise the bar for AI security across the ecosystem – making everyone safer,” Tom Gallagher, VP of Engineering, Microsoft Security Response Center (MSRC) explained, and invited interested researchers to register for a training session with the Microsoft AI Red Team.
Once the vulnerabilities have been fixed, researchers will be encouraged to publicly discuss their findings. Microsoft says it will transparently share cloud service vulnerabilities through the Common Vulnerabilities and Exposures (CVE) program, even if they require no customer action.
Zero Day Quest challenges
The Zero Day Quest offers two unique opportunities for participants:
Research Challenge: Open to everyone, this challenge invites researchers worldwide to showcase their expertise by finding and reporting vulnerabilities in the aforementioned solutions. The Research Challenge will run from 12:00 AM Pacific Time, November 19, 2024, through 11:59 PM Pacific Time, January 19, 2025.
Onsite hacking event: This invite-only event, which will held at the Microsoft Campus in Redmond, Washington in 2025, is reserved for Microsoft’s top 10 ranked researchers from the 2024 Annual Leaderboards for Azure, Dynamics, and Office. Additionally, 45 more researchers will be invited, based on the strength of their submissions to the open Research Challenge.
For more details about the event visit the official site.