Microsoft has announced Zero Day Quest at Ignite in Chicago, a new hacking event with a bug bounty of up to $4 million in rewards to security researchers. The initiative is focused on cloud and AI products and platforms. 

The event is an expansion of their security and transparency programmes under the Secure Future Initiative that was launched last year.

“At the end of the day, we recognize that when it comes to security, it’s fundamentally a team sport,” Microsoft CEO Satya Nadella said during his keynote speech. “And that’s why we want to partner, and we’re partnering broadly with the security community.”

The event has started after the announcement with a challenge where participants can submit vulnerabilities for certain instances and earn bounty awards. They could eventually even qualify for the onsite hacking event to held next year in Redmond, Washington.

The contest is open from November 19, 2024 until January 19, 2025. 

Microsoft has also said it will double bounty awards for AI vulnerabilities pointed out by security researchers and give them direct access to the Microsoft AI engineers and their AI Red Team. 

“Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers -- bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe,” Microsoft Security Response Center Vice President of Engineering, Tom Gallagher wrote in a blog post. Calling the event the “largest of its kind,” Gallagher added that Zero Day Quest will give new opportunities to “the security community to work hand in hand with Microsoft engineers and security researchers.” 

Microsoft’s cybersecurity practices have recently come under fire after it was reported that Chinese hackers had stolen over 60,000 emails from the U.S. State Department accounts after breaching the Microsoft Exchange Online email platform. 

Published - November 20, 2024 11:15 am IST