Microsoft has awarded a record $17 million to 344 security researchers across 59 countries through its Bounty Program, the highest total in the program’s history. These experts collaborated with the Microsoft Security Response Center (MSRC) to identify over a thousand potential vulnerabilities.
Advertisеment
The initiative supports Microsoft’s proactive security strategy by encouraging independent researchers to report flaws in critical systems, including AI-driven services. All findings follow coordinated disclosure protocols.
Involved platforms
Bounty opportunities cover Azure, Microsoft 365, Dynamics 365, Power Platform, Windows, Edge, Xbox, and other key products. Each program defines clear scopes, eligibility rules, award levels, and submission standards to make contributions more convenient.
Zero Day Quest
In April, Microsoft hosted Zero Day Quest, its first large-scale live hacking event. Over 600 submissions were received, with more than $1.6 million distributed during qualifying rounds and the live competition. Selected researchers participated in hands-on challenges, technical sessions, and collaboration with Microsoft teams. Training included AI vulnerability hunting, SSRF techniques, and bounty best practices.
Zero Day Quest will return annually with updated challenges and expanded incentives. The 2026 Research Challenge is now open, with the next live event scheduled for spring.
Microsoft continues to expand program coverage, including new areas such as Copilot, identity APIs, Defender services, Viva tools, and AI-focused categories. The Identity rewards program now covers more APIs and domains, and the Defender program has added Microsoft Defender for Identity (MDI), Microsoft Defender for Office (MDO), and Microsoft Defender for Cloud Applications (MDA).
Earlier this year, Microsoft announced increased rewards for moderately severe Copilot security vulnerabilities, increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities, and increased rewards for Power Platform and Dynamics 365 AI vulnerabilities.
The announcement is here.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
