Microsoft has announced the return of its groundbreaking hacking event, the Zero Day Quest, offering an unprecedented $5 million in bounty awards for critical security research.
Building on last year’s record-setting program, the 2026 Zero Day Quest seeks to further strengthen cloud and AI security by rallying the world’s top cybersecurity talent in an open, collaborative competition.
Zero Day Quest reaffirms Microsoft’s commitment to transparency and partnership with the security research community.
The event focuses on finding high-impact vulnerabilities in Microsoft’s most critical services: Azure, Copilot, Dynamics 365, Power Platform, Microsoft 365, and Identity solutions.
Zero Day Quest – Hackathon Program
Researchers worldwide are invited to participate in the Zero Day Quest Research Challenge, running from August 4 to October 4, 2025.
A major technical draw is the scale of bounty incentives: submissions of critical-severity vulnerabilities that align with Microsoft’s existing bounty programs are eligible for a 50% bonus.
The highest-impact reports will secure invitations to the exclusive live hacking event at the Microsoft Redmond campus in Spring 2026, where leading researchers collaborate directly with Microsoft Security Response Center (MSRC) engineers.
This year’s Quest prioritizes vulnerabilities that reflect real-world cloud attack scenarios and affect AI systems. Researchers are challenged to probe Microsoft Azure’s core infrastructure for issues such as privileged role escalation, cloud identity breaches, and inter-tenant data exposure.
AI security is also front and center; vulnerabilities in Copilot and other AI-powered features are especially valued, with an emphasis on model manipulation, prompt injection, and data leakage exploits.
Researchers can submit findings through traditional programs for Microsoft Azure, Copilot, Dynamics 365 and Power Platform, Identity, and Microsoft 365.
The highest technical rigor is required: only reproducible, high-severity vulnerabilities with clear real-world impact qualify for bonuses and invitations to the Redmond event.
To equip participants, Microsoft will host technical training sessions in collaboration with the AI Red Team and product security teams. Sessions will cover advanced offensive security tooling such as PyRIT for red-teaming AI systems and guidance on responsible vulnerability reporting.
As part of its Secure Future Initiative, Microsoft pledges complete transparency in disclosing mitigated vulnerabilities through the Coordinated Vulnerability Disclosure (CVD) process and the Common Vulnerabilities and Exposures (CVE) program.
By raising the reward ceiling and focusing on the collaborative discovery of vulnerabilities in emerging cloud and AI technologies, Microsoft’s Zero Day Quest sets new benchmarks for industry-wide cybersecurity.
As CEO Satya Nadella has often remarked, “Security is a team sport,” making these events crucial for safeguarding customers and advancing global digital trust.