{"id":45446,"date":"2026-04-16T01:12:00","date_gmt":"2026-04-15T17:12:00","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/16\/microsoft-pays-2-3m-for-cloud-and-ai-flaws-at-zero-day-quest\/"},"modified":"2026-04-16T01:12:00","modified_gmt":"2026-04-15T17:12:00","slug":"microsoft-pays-2-3m-for-cloud-and-ai-flaws-at-zero-day-quest","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/16\/microsoft-pays-2-3m-for-cloud-and-ai-flaws-at-zero-day-quest\/","title":{"rendered":"Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest"},"content":{"rendered":"\n

\"Microsoft<\/p>\n

Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest.<\/p>\n

Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities.<\/p>\n

“During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors,” Gallagher said<\/a>.<\/p>\n

“Researchers conducted all testing within authorized environments in accordance with Microsoft’s Rules of Engagement, demonstrating potential impact without accessing customer data or other tenant systems. Within these constraints, researchers identified critical paths involving credential exposure, SSRF chains, and cross‑tenant access.”<\/p>\n

Last August, Microsoft announced that it would increase the prize pool<\/a> at this year’s Zero Day Quest hacking contest to $5 million in bounty awards, which the company described as the “largest hacking event in history.”<\/p>\n

The 2025 Zero Day Quest also generated significant participation from the security community, following Microsoft’s offer of $4 million<\/a> in rewards for vulnerabilities in cloud and AI products and platforms.<\/p>\n

After the hacking competition concluded, Microsoft announced it had paid $1.6 million in rewards<\/a> after receiving more than 600 vulnerability submissions.<\/p>\n

The Zero Day Quest contest is part of Microsoft’s Secure Future Initiative (SFI), a cybersecurity engineering effort launched in November 2023, following a scathing report from the Cyber Safety Review Board of the U.S. Department of Homeland Security that found the company’s security culture “inadequate” and requiring “an overhaul.”<\/p>\n

“As part of our Secure Future Initiative (SFI), we will transparently share critical vulnerabilities through the CVE program, even if no customer action is required,” Gallagher said<\/a> in August. “Learnings from the Zero Day Quest will be shared across Microsoft to help improve Cloud and AI security in alignment with SFI’s core principles: securing by default, by design, and in operations.”<\/p>\n

Earlier that month, Microsoft announced it had paid a record $17 million<\/a> to 344 security researchers across 59 countries through its bug bounty program between July 2024 and June 2025.<\/p>\n

In December, it also announced that security researchers would be paid for finding critical vulnerabilities in any of Microsoft’s online services, even if a third party wrote the vulnerable code<\/a>.<\/p>\n