Microsoft Awards $2.3M for Vulnerabilities at Zero Day Quest 2026

Severity: Low (Score: 39.9)

Sources: Bleepingcomputer, Microsoft

Summary

During the 2026 Zero Day Quest hacking event, Microsoft awarded $2.3 million to researchers for identifying nearly 700 security vulnerabilities, including over 80 high-impact flaws in cloud and AI services. The event, held at Microsoft's Redmond campus, involved a diverse group of participants from more than 20 countries. Researchers conducted testing within authorized environments, adhering to Microsoft's Rules of Engagement, which ensured no customer data was compromised. Key vulnerabilities included credential exposure, SSRF chains, and cross-tenant access. This initiative is part of Microsoft's Secure Future Initiative (SFI), aimed at enhancing security practices following previous criticisms of its security culture. The findings will inform future security measures and are shared across Microsoft to improve overall cloud and AI security. The event reflects Microsoft's ongoing commitment to transparency and collaboration with the security research community. Key Points: • Microsoft awarded $2.3 million for nearly 700 vulnerability submissions. • Over 80 high-impact vulnerabilities were identified in cloud and AI services. • The event is part of Microsoft's Secure Future Initiative to enhance security practices.

Key Entities

• Zero-day Exploit (attack_type)
• Zero Day Quest (campaign)