Microsoft has announced the launch of Zero Day Quest, a significant expansion of its bug bounty programs, focused on uncovering high-impact security vulnerabilities in cloud and AI technologies. 

Under the program, Microsoft will double the bounty rewards for eligible AI vulnerabilities from Nov. 19, 2024, to Jan. 19, 2025, and give researchers direct access to the company’s dedicated AI engineers and the AI Red Team, which specializes in probing AI systems for potential security flaws. The initiative is part of Microsoft’s broader Secure Future Initiative, launched to pre-emptively address security vulnerabilities across its extensive suite of products and services.

Microsoft will also be adding bonus bounty multipliers for valid, important or critical severity issues across Microsoft’s AI, Azure, Microsoft Identity, M365, Dynamics 365, and Power Platform for the length of the challenge. 

Submissions can also qualify researchers for one of 45 spots in an onsite hacking event at Microsoft headquarters in Redmond, Wash., which will be held in 2025.  

“Zero Day Quest will provide new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers — bringing together the best minds in security to share, learn, and build community as we work to keep everyone safe,” Tom Gallagher VP of engineering at the Microsoft Security Response Center, wrote in a blog entry posted Tuesday

The company plans to share post-discovery insights through the Common Vulnerabilities and Exposures (CVE) program to allow the entire industry to learn from the identified security issues. The event reinforces Microsoft’s commitment to elevating security standards and creating deeper partnerships within the cybersecurity community, ensuring more robust defenses across its platforms in light of increasing threats and past security breaches involving its products.

“This event is not just about finding vulnerabilities; it’s about fostering new and deepening existing partnerships between the Microsoft Security Response Center, product teams, and external researchers — raising the security bar for all,” Gallagher wrote.

More details on the program can be found on Microsoft’s Security Response Center

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.



Plus de détails sur l’article original.