Microsoft Boosts Zero Day Quest Prize Pool to $5 Million for Enhanced Cybersecurity Rewards

Microsoft is set to offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which it describes as the “largest hacking event in history.” Following last year’s successful event, which garnered significant participation from the security community and offered $4 million in rewards for vulnerabilities in cloud and AI products, Microsoft aims to further enhance its commitment to cybersecurity. After the November competition concluded, the company announced it had paid out $1.6 million for over 600 vulnerability submissions. This year, the focus will be on addressing security issues in cloud computing and artificial intelligence, with submissions accepted from August 4 to October 4, 2025. Participants will also be eligible for multiplied bounty payouts for reporting critical vulnerabilities, with a +50% bounty multiplier for high-impact scenarios aligning with Microsoft Azure, Copilot, Dynamics 365, and other bounty programs.

Top-performing researchers will qualify for an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026, where they will collaborate directly with the Microsoft Security Response Center and product teams. Microsoft plans to support participants through training sessions from its AI Red Team, MSRC, and Dynamics teams, covering AI system testing, bug bounty programs, and security research methodologies. This contest is part of Microsoft’s Secure Future Initiative (SFI), a cybersecurity engineering effort launched in November 2023, aimed at overhauling the company’s security culture. Microsoft has committed to transparently sharing critical vulnerabilities through the CVE program, even when no customer action is required. Additionally, the company has increased rewards to $40,000 for certain .NET and ASP.NET Core vulnerabilities and expanded its .NET bug bounty program, reflecting its ongoing dedication to enhancing security across its platforms.