Microsoft has officially kicked off the latest—and largest—iteration of its celebrated bug bounty campaign: Zero Day Quest. With the total bounty pool boosted to a staggering $5 million, up $1 million from last year’s record-setting event, Microsoft is mobilizing the global community of security researchers to harden its cloud and artificial intelligence (AI) platforms like never before.
Raising the Bar for Global Security Collaboration
The tech landscape evolves at breakneck pace, with attackers constantly seeking new vulnerabilities and defenders seeking to stay ahead. Microsoft’s answer is to treat security as a collaborative effort—a “team sport”—by engaging independent security researchers worldwide. Zero Day Quest reflects this, offering a platform where researchers and Microsoft engineers work side-by-side, challenge each other, and share breakthroughs in an open, responsible framework.
The 2025 event is not only a competition but also a celebration of these partnerships and a commitment to elevating cybersecurity throughout the tech industry.
How Zero Day Quest 2025 Works
Zero Day Quest 2025 began its Research Challenge on August 4, and it will run through October 4, 2025. Any security researcher can participate, submitting vulnerabilities and research discoveries in targeted high-impact areas, including:
During the Challenge, bounty awards are multiplied for submissions that address critical vulnerabilities or have a broad impact. For instance, a +50% bounty multiplier applies to qualifying findings in “critical severity” or high-impact scenarios across Microsoft’s evolving bounty programs. The highest value multiplier applies for dual-eligible submissions, ensuring that the most impactful research is properly rewarded.
Chance to Join Redmond’s Live Hacking Event in 2026
Those who demonstrate exceptional research impact may receive an exclusive invite to the Live Hacking Event at Microsoft’s Redmond campus in Spring 2026. This gathering will bring together the brightest minds in security to directly collaborate on tough security challenges, build professional community, and guide Microsoft product security into the future.
Championing Transparency and Responsible Disclosure
Following Microsoft’s Coordinated Vulnerability Disclosure (CVD) processes, researchers are not only encouraged to report findings, but also empowered to share their work publicly once Microsoft’s mitigation steps are complete. The company promises transparent reporting of critical vulnerabilities through the CVE (Common Vulnerabilities and Exposures) program, whether or not any customer action is required—demonstrating a commitment to security “by default, by design, and in operations,” the three pillars of Microsoft’s Secure Future Initiative (SFI).
As Microsoft Vice President of Engineering Tom Gallagher stated, “Security is a team sport and that is why we invest in programs that empower researchers to challenge our technologies and publicly share their discoveries in a responsible manner.”
Training and Community Engagement
To ensure participants have tools for success, Microsoft is offering dedicated training resources developed by its AI Red Team, the Microsoft Security Response Center, and its Dynamics teams. Security researchers—both seasoned experts and newcomers—can access:
-
Hands-on workshops on red teaming AI systems with PyRIT
-
Bug bounty program briefings focused on AI research
-
Deep dives into conducting security research in Copilot Studio
These resources lower the barrier to entry and improve the quality of vulnerability submissions, strengthening the overall security ecosystem.
A Community Effort to Secure the Future of Cloud & AI
Zero Day Quest is not just about identifying vulnerabilities. It represents Microsoft’s long-term vision for security collaboration—where continuous learning, ethical research, and open communication shape the future of technology. Bug bounty programs like this not only address the most urgent risks, but catalyze security improvements industry-wide, as learnings are rapidly shared across Microsoft’s cloud and AI products.
With $5 million on the line, top security minds are motivated to push boundaries, test assumptions, and safeguard critical platforms that millions depend on every day.
Ready to Join the Quest?
Whether you’re a veteran bug bounty hunter or an aspiring security researcher at an event like Black Hat USA 2025, Zero Day Quest offers the chance to earn industry-leading rewards, grow your skills, and make a concrete impact on global cybersecurity. Submit your vulnerabilities, collaborate with peers, and play your part in securing the digital future by visiting the official Microsoft Zero Day Quest homepage.
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
