In a groundbreaking move, Microsoft has announced the launch of an in-person hacking event called Zero Day Quest, set to be the largest of its kind. This event aims to enhance Microsoft’s existing bug bounty program and encourage research into high-impact security flaws that have the potential to impact the software supporting cloud and AI workloads.

Tom Gallagher, the VP of engineering at Microsoft’s security response center, shared insights about this monumental hacking event. He highlighted that Zero Day Quest will offer an additional $4 million in potential awards for researchers focusing on critical areas such as cloud and AI security. Gallagher emphasized the collaborative nature of the event, noting that it will provide an opportunity for the security community to work closely with Microsoft engineers and researchers. By bringing together the brightest minds in security, Zero Day Quest aims to foster knowledge sharing, learning, and community building to ensure the safety of all users.

The much-anticipated Zero Day Quest kicks off today, with Microsoft inviting submissions for research eligible for bounty awards. Security researchers who submit qualifying research will have the chance to secure a spot at the in-person hacking event scheduled to take place at Microsoft’s headquarters in Redmond, Washington, in 2025.

Moreover, Microsoft is stepping up its commitment to AI security by doubling the awards for AI bounties and granting security researchers direct access to Microsoft AI engineers and the company’s AI Red Team. This move will facilitate closer collaboration between researchers and Microsoft’s AI experts, enabling a deeper exploration of potential vulnerabilities in AI systems.

Vasu Jakkal, the corporate vice president of security at Microsoft, reiterated the company’s dedication to transparency and shared learnings in the security domain. Through initiatives like Zero Day Quest, Microsoft plans to publicly disclose and address any identified bugs to foster industry-wide learning and improvement. Critical vulnerabilities will be reported through the Common Vulnerabilities and Exposures (CVE) program, and Microsoft intends to leverage these insights internally to enhance its cloud and AI security measures.

This major security event follows Microsoft’s recent focus on security transformation, marked by the company’s commitment to making security its top priority for every employee. Following years of security challenges and a critical report from the US Cyber Safety Review Board, Microsoft has taken significant steps to bolster its security posture and protect its users.

In tandem with the Zero Day Quest announcement, Microsoft is also launching Security Exposure Management, a new offering that provides defenders with a comprehensive graph-based view of a business’s login credentials, permissions, and other security-related elements. This tool aims to help organizations identify potential attack vectors and strengthen their overall security posture in an increasingly complex threat landscape.

Overall, Microsoft’s initiatives in the security domain underscore its unwavering commitment to protecting users, fostering collaboration within the security community, and driving continuous improvement in cloud and AI security practices. With events like Zero Day Quest and tools like Security Exposure Management, Microsoft is paving the way for a more secure and resilient digital environment for all.

Source link