Microsoft has announced the results of its Zero Day Quest 2026 live hacking contest.
The tech giant offered a $5 million prize pool, with $2.3 million awarded to participants across 700 submissions. White hat hackers from over 20 countries took part in the event.
The company said Zero Day Quest 2026 has helped it learn about 80 high-impact vulnerabilities affecting cloud and AI services.
“Many of the findings showed how weaknesses in identity controls or tenant isolation could allow issues identified within authorized test environments to impact other tenants if combined with execution or network-level vulnerabilities,” Microsoft explained.
It noted that researchers “identified critical paths involving credential exposure, SSRF chains, and cross‑tenant access”.
“These findings reinforce the need for layered defenses and strong isolation boundaries across Microsoft’s cloud and AI services, and underscore the importance of addressing upstream control gaps earlier in the development lifecycle in alignment with Secure Future Initiative priorities,” the company said.
At Zero Day Quest 2025, Microsoft paid out $1.6 million to participants.
In August 2025, Microsoft announced that it had paid out $17 million in bug bounties in the past year, bringing the total payouts since 2018 to more than $92 million.
Related: Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026
Related: Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta
Related: $320,000 Paid Out at Zeroday.Cloud for Open Source Software Exploits
