Microsoft's youngest bug bounty hacker is just 13 and already making waves

Microsoft’s security teams regularly work with outside researchers, but one of their most surprising collaborators is still in high school. The company recently spotlighted its ongoing partnership with a teenage ethical hacker, 13-year-old Dylan, who has been helping patch vulnerabilities across Microsoft products.

From school hacks to securing Microsoft, here’s Dylan’s journey

Dylan’s journey into cybersecurity started early. He picked up tools like Scratch, HTML, and more complex programming languages by exploring educational platforms. His first big breakthrough came during the pandemic when his school disabled chat creation in Microsoft Teams.

After nearly a year of experimenting, Dylan discovered a vulnerability that could let him take control of any Teams group. When he reported the issue to Microsoft, it led to more than just a fix.

Microsoft revised its Bug Bounty Program rules to include researchers as young as 13. Dylan became the youngest person ever to work with the Microsoft Security Response Center (MSRC).

Since then, he hasn’t slowed down. Last summer alone, Dylan submitted 20 new vulnerability reports, more than triple his previous total. He even flagged issues in Microsoft’s Authenticator Broker service. Microsoft praises him not just for technical skills but also for speaking up during disagreements, showing confidence beyond his years.

Now a junior in high school, Dylan continues to collaborate with MSRC on critical fixes. His story is a reminder that talent can come from anywhere, and the security world benefits when companies welcome younger voices into the fold.