Microsoft Announces AI Security Hacking Event with Rewards

Microsoft Launches In-Person Hacking Event, Zero Day Quest

Microsoft is creating an in-person hacking event, Zero Day Quest, which it says will be the largest of its kind. The event will build upon Microsoft’s existing bug bounty program and incentivize research into high-impact security flaws that can affect the software powering cloud and AI workloads.

About Zero Day Quest

“This new hacking event will be the largest of its kind, with an additional $4 million in potential awards for research into high-impact areas, specifically cloud and AI,” explains Tom Gallagher, VP of engineering at Microsoft’s security response center. “Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers — bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe.”

Submission and Awards

The Zero Day Quest starts today, with Microsoft accepting submissions for research that is eligible for bounty awards. These submissions will qualify security researchers for a spot at the in-person hacking event at Microsoft’s headquarters in Redmond, Washington, in 2025.

Awards and Incentives

Microsoft is doubling the awards that it pays out for AI bounties, and it’s also offering security researchers direct access to Microsoft AI engineers and the company’s AI Red Team — a group of experts that probe Microsoft’s AI systems for failures.

Commitment to Transparency

“As part of our ongoing commitment to transparency, we will share the details of the bugs once they are fixed so the whole industry can learn from them — after all, security is a team sport,” says Vasu Jakkal, corporate vice president of security at Microsoft. Any critical vulnerabilities will be shared through the Common Vulnerabilities and Exposures (CVE) program, and Microsoft plans to share any learnings across Microsoft to improve its cloud and AI security.

Background

This new security event comes after Microsoft has embarked on its largest-ever security transformation. Microsoft made security its number one priority for every employee earlier this year, following years of security issues and a scathing report from the US Cyber Safety Review Board.

Microsoft Security Exposure Management

Microsoft Security Exposure Management is also launching today, providing defenders with a graph-based view of a business’s login credentials, permissions, and other security-related elements that can identify potential attack vectors.

Conclusion

Microsoft’s Zero Day Quest is a significant step in the company’s commitment to security and transparency. By incentivizing research into high-impact security flaws and providing a platform for security researchers to collaborate with Microsoft engineers and security researchers, the company is taking a proactive approach to improving the security of its cloud and AI workloads.

FAQs

Q: What is Zero Day Quest?
A: Zero Day Quest is an in-person hacking event launched by Microsoft, which aims to incentivize research into high-impact security flaws that can affect the software powering cloud and AI workloads.

Q: What are the awards for participating in Zero Day Quest?
A: Microsoft is offering an additional $4 million in potential awards for research into high-impact areas, specifically cloud and AI.

Q: How can security researchers participate in Zero Day Quest?
A: Security researchers can submit their research for eligibility for bounty awards, which will qualify them for a spot at the in-person hacking event at Microsoft’s headquarters in Redmond, Washington, in 2025.

Q: What is Microsoft Security Exposure Management?
A: Microsoft Security Exposure Management is a new tool that provides defenders with a graph-based view of a business’s login credentials, permissions, and other security-related elements that can identify potential attack vectors.