Microsoft is hosting the Zero Day Quest Hacking Contest, offering rewards that can reach as high as $5 million.

Microsoft has announced the return of its groundbreaking Zero Day Quest, the largest public hacking event in history, offering unprecedented bounty rewards of up to $5 million for high-impact security research. Building on last year’s successful $4 million initiative, this enhanced program underscores Microsoft’s commitment to collaborative security through responsible vulnerability disclosure and community engagement. The Zero Day Quest signifies a paradigm shift in how technology giants tackle cybersecurity challenges. By incentivising global security researchers to identify critical vulnerabilities before malicious actors can exploit them, Microsoft effectively crowdsources its defence mechanisms across Cloud and AI infrastructure. This proactive approach addresses the evolving threat landscape, where traditional security measures often lag behind sophisticated attack vectors. The competition targets Microsoft’s most critical platforms, including Azure Cloud Services, Copilot AI Systems, Dynamics 365, Power Platform, Identity Services, and Microsoft 365, which have been identified as priority targets due to their widespread enterprise adoption and the potential cascading effects of successful exploits.

The technical framework of the Zero Day Quest operates through a two-phase structure, commencing with the Zero Day Quest Research Challenge from August 4 to October 4, 2025. During this period, qualifying vulnerability submissions receive a substantial +50% bounty multiplier for Critical severity findings. The program incorporates Microsoft’s Coordinated Vulnerability Disclosure protocols, ensuring that discovered vulnerabilities follow responsible disclosure practices before public revelation. Qualifying researchers gain access to an exclusive invite-only Live Hacking Event at Microsoft’s Redmond campus in Spring 2026, where they collaborate directly with Microsoft engineering teams. Additionally, the program includes comprehensive training modules covering AI red team methodologies using PyRIT (Python Risk Identification Toolkit), advanced bug bounty techniques, and specialised security research in Copilot Studio environments. This technical education component ensures researchers can effectively target Microsoft’s complex AI and cloud architectures while maintaining ethical boundaries and responsible disclosure standards.