Microsoft Wants You to Hack Its AI

Microsoft is launching a new addition to its bug bounty program, along with a new, invitation-only hacking contest, in an effort to entice researchers to find novel vulnerabilities in its cloud and AI products. 

The new program is called Zero Day Quest and it started today and will run through Jan. 19, 2025. It’s designed to be an enhancement to the company’s existing bounty programs and has two separate parts. The first part is a public research challenge in which security researchers are tasked with finding new bugs in five specific Microsoft offerings: MIcrosoft AI, Microsoft Azure, Microsoft Identity, M365, and Microsoft Dynamics 365 and Power Platform. As part of this challenge, Microsoft is offering 50% multipliers for critical or important vulnerabilities in specific scenarios, and is also permanently doubling AI bounties. 

There’s a total of an additional $4 million in bonuses available.

“This event is not just about finding vulnerabilities; it’s about fostering new and deepening existing partnerships between the Microsoft Security Response Center (MSRC), product teams, and external researchers – raising the security bar for all,” said Tom Gallagher, VP of Engineering, Microsoft Security Response Center.

The second part of the challenge is an invitation-only live hacking event in Redmond next year. The top 10 researchers in each product category who participate in the public challenge will be invited to the live event, along with the 45 researchers who earn the most bounties. The researchers who make it to the live event will be able to work with MIcrosoft’s own internal AI researchers. 

“We will also offer researchers direct access to the Microsoft AI engineers focused on developing secure AI solutions, and our AI Red Team. This unique opportunity will allow participants to enhance their skills with cutting-edge tools and techniques and work with Microsoft to raise the bar for AI security across the ecosystem – making everyone safer,” Gallagher said.

The new challenge is subject to rules and submission requirements of the existing Microsoft bounty programs, of course. Researchers can get involved in the Zero Day Quest challenge here.