Microsoft Bumps Up Zero Day Quest's Prize Pool to $5 Million

Generally, tech companies offer bug bounty programs to crowdsource security research, and Microsoft is doubling down on that idea in a big way.

The company just announced a massive $5 million prize pool for its 2025 Zero Day Quest, a global hacking challenge aimed at uncovering security flaws in cloud and AI products.

Open from August 4 to October 4, the contest is calling on security researchers worldwide to dig deep into Microsoft platforms like Azure, Copilot, Dynamics 365, and M365. There’s even a 50% bounty bonus up for grabs for those who uncover critical, high-impact issues.

The top-performing participants will score an invite to a live, invite-only hacking showdown at Microsoft’s Redmond campus next spring. Along the way, the company plans to offer support and training from its internal AI Red Team and other security units.

This expanded initiative falls under Microsoft’s Secure Future Initiative (SFI), a push to overhaul the company’s security culture following federal criticism.

Microsoft says the findings from the contest will help inform its AI and cloud security strategies and will be disclosed transparently through the CVE program, whether or not customer action is needed.

As part of the update, Microsoft also boosted some .NET and ASP.NET Core bug rewards to $40,000 and widened its scope for the .NET bounty program.