Zero Day Quest Returns: Microsoft Ups the Stakes with $5M Bug Bounty
Microsoft is once again hosting its highly anticipated live hacking contest, Zero Day Quest 2026, with a whopping $5 million in rewards up for grabs. The competition is designed to attract top security researchers who can uncover serious security flaws in cloud and AI systems.
This is not the first time Microsoft has hosted Zero Day Quest, which was first held in 2022 with significant success. Last year's event offered a total of $1.6 million in rewards for finding major security vulnerabilities, and this year's version promises to be even bigger and better.
A New Level of Bounty Awards
"This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security," reads the announcement published by Microsoft. "This is the largest public hacking event ever, bringing together the top global security researchers for an opportunity to protect the world."
Microsoft's Zero Day Quest Live Hacking Event is currently underway until April 3, and it's an invite-only opportunity that brings together top security researchers to help strengthen the security of Microsoft's AI and cloud products.
The Research Challenge
From August 4 to October 4, 2025, security researchers can join Microsoft's Zero Day Quest Research Challenge by submitting vulnerabilities in Azure, Copilot, Dynamics 365, Power Platform, Identity, or M365. Top findings may earn a +50% bounty bonus and a spot at the exclusive Live Hacking Event in spring 2026 at Microsoft's Redmond campus.
As part of this event, researchers will have the opportunity to collaborate with Microsoft product teams and the Microsoft Security Response Center (MSRC) to advance security. Microsoft encourages researchers to share their findings publicly after fixes, with support for blogs, podcasts, and videos.
The Secure Future Initiative
Microsoft is also part of its Secure Future Initiative (SFI), which aims to strengthen cloud and AI security. As part of SFI, Microsoft will disclose critical vulnerabilities through the CVE program, even if no user action is needed.
Insights from Zero Day Quest will be shared internally to improve cloud and AI security, following SFI's principles. "In alignment with our Coordinated Vulnerability Disclosure (CVD), researchers are encouraged to publicly discuss their findings once mitigated – with support from Microsoft through blogs, podcasts, and videos."
This is an exciting opportunity for top security researchers to come together and make a real difference in the world of cybersecurity. Stay tuned for more updates on Zero Day Quest 2026 and how you can participate!
Join the Conversation
Follow me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, Zero Day Quest) for the latest news and updates on Zero Day Quest 2026.
Share Your Thoughts
What do you think about Microsoft's Zero Day Quest 2026? Are you a security researcher looking to participate in this exciting event? Let us know your thoughts in the comments below!