Microsoft announces its own Black Hat-style hacking event with big rewards for AI security
- Microsoft announces Zero Day Quest, a new hacking event for security researchers
- There will also be an in-person event
- Bug bounties for AI-related issues have also doubled
Microsoft has one open to all research challenges to encourage researchers to discover high-impact vulnerabilities in its programs.
Zero Day Quest offers bug bounties for researchers who report bugs in Microsoft AI, Azure, Identity, Dynamics 365 and Power Platform and M365.
The challenge runs until January 19, 2025 and is subject to existing bounty program terms, Safe Harbor policy and additional terms and conditions.
AI bugs are worth double that
Microsoft hopes the event will bring the security community together and encourage collaboration between researchers and engineers to keep all its users safe.
In addition to an online event, the top 45 researchers (based on a bounty amount) will be invited to an all-expenses-paid Onsite Zero Day Quest event in Washington, including the 10 highest-ranked researchers from the 2024 Azure, Dynamics, and Office leaderboards are invited.
AI has dominated the security conversation over the past year, and to reflect growing concerns about AI security, Microsoft has doubled its AI incentives. Other bounty multipliers are also included, such as the discovery of critical and important flaws in remote code execution and escalation of privileges.
Microsoft has made security its top priority and has embarked on its Secure Future initiative to ensure “security above all else” to protect users and businesses.
“This new hacking event will be the largest of its kind, with an additional $4 million in potential prizes for research into high-impact areas, especially cloud and AI,” said Tom Gallagher, VP Engineering at Microsoft Security Response Center.
“Zero Day Quest will provide new opportunities for the security community to work hand-in-hand with Microsoft engineers and security researchers – bringing together the best minds in security to share, learn and build community as we working to keep everyone safe.”
