Microsoft Pays $2.3M at Zero Day Quest for Cloud and AI Vulnerabilities
Microsoft awarded $2.3 million to researchers who submitted nearly 700 vulnerability reports during its 2026 Zero Day Quest live hacking event in Redmond. Over 80 of the flaws were classified as high-impact issues in cloud and AI systems, with researchers surfacing credential exposure paths, SSRF chains, and cross-tenant access vectors — all demonstrated inside authorized environments without touching customer data.
The event drew participants from more than 20 countries and sits inside a $5 million prize pool, up from $4 million in 2025, when submissions topped 600 and payouts reached $1.6 million. Microsoft is positioning Zero Day Quest as the centerpiece of its Secure Future Initiative, launched in November 2023 after the DHS Cyber Safety Review Board called the company’s security culture inadequate and demanded an overhaul.
The numbers frame a structural shift: Microsoft paid a record $17 million across its broader bug bounty program between July 2024 and June 2025, and has extended rewards to cover critical flaws in third-party code running inside its online services. The focus on cross-tenant and SSRF findings reflects where cloud and AI architecture is actually breaking — boundary enforcement between tenants and trust assumptions in service-to-service calls.
Read the full article
Continue reading at BleepingComputer →This is an AI-generated summary. Read the original for the full story.