Microsoft's Zero Day Quest Offers Big Bounties for AI, Cloud Bugs

If you’re interested in discovering the vulnerabilities in cloud and AI platforms—and potentially earning a lot of money for it—Microsoft has an event for you.

Zero Day Quest, which Microsoft bills as “the largest of its kind,” will feature an invite-only hacking event at Microsoft’s main campus in Redmond, Washington, sometime in 2025. Cybersecurity researchers who want an invite to the event must participate in the associated research challenge, which includes discovering vulnerabilities in a handful of Microsoft platforms, including Microsoft Azure and Microsoft’s AI tools.

The research challenge, which runs from November 19 through January 19, features some nifty bounty multipliers. For example, discovering “high impact scenarios” in Azure or Microsoft Dynamics 365 can unlock a multiplier of 50 percent. Microsoft claims it will pay out an additional $4 million to researchers who discover vulnerabilities; on top of that, it will provide hacking event invitations to 10 researchers who top the rankings of its 2024 Annual Azure, Dynamics, and Office Leaderboards. Another 45 researchers will be invited “based on their submissions.”

“To advance AI security, starting today we will offer double AI bounty awards,” read a note posted on Microsoft’s Security Response Center blog. “We will also offer researchers direct access to the Microsoft AI engineers focused on developing secure AI solutions, and our AI Red Team. This unique opportunity will allow participants to enhance their skills with cutting-edge tools and techniques and work with Microsoft to raise the bar for AI security across the ecosystem—making everyone safer.”

Bug bounties have long been a popular way for cybersecurity professionals to earn a little cash while sniffing out vulnerabilities in critical systems. A “hacker” mindset is often essential, along with a healthy curiosity about how companies build out their hardware and software infrastructure. Many bug bounties pay anywhere from a few hundred to a few thousand dollars—although some vulnerabilities are worth many hundreds of thousands.