Microsoft is creating an in-person hacking event, Zero Day Quest, that it says will be the largest of its kind. The event will build on Microsoft’s existing bug bounty program and encourage research into high-impact security vulnerabilities that can impact software that powers cloud and AI workloads.
“This new hacking event will be the largest of its kind, with an additional $4 million in potential rewards for research in high-impact areas, particularly cloud and AI,” says Tom Gallagher, vice president of engineering at Microsoft’s Security Response Center. “Zero Day Quest will provide new opportunities for the security community to work hand-in-hand with Microsoft security engineers and researchers, bringing together the best minds in the security field to share, learn, and build community while working to keep everyone safe. »
The Zero Day Quest begins today, with Microsoft accepting submissions for bounty-eligible research. These submissions will qualify security researchers for a spot at the in-person hacking event at Microsoft headquarters in Redmond, Washington, in 2025.
Microsoft is doubling the rewards it pays for AI bounties and also giving security researchers direct access to Microsoft’s AI engineers and the company’s AI Red Team, a group of experts that probe Microsoft’s AI systems looking for faults.
“As part of our ongoing commitment to transparency, we will share details of bugs once they are fixed so that the entire industry can learn from them. After all, security is a team sport,” says Vasu Jakkal, the company’s vice president of security. at Microsoft. All critical vulnerabilities will be shared through the Common Vulnerabilities and Exposures (CVE) program, and Microsoft plans to share any lessons learned within Microsoft to improve its cloud and AI security.
This new security event comes after Microsoft launched its the largest security transformation ever. Microsoft has made security its number one priority for every employee earlier this yearafter years of security concerns and a scathing report from the US Cyber Safety Review Board.
Microsoft Security Exposure Management also launches today, giving defenders a graphical view of an organization’s login information, permissions, and other security-related elements that can identify potential attack vectors.