Bug Bounty
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities. “During the […]
Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. The company says it has awarded over $81.6 million in bug bounties since the first Vulnerability Reward Program went live in 2010, while the highest reward paid last year was of $250,000. “Our VRP once […]
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by low-quality AI-generated vulnerability reports. The change was first discovered in a pending commit to curl’s BUG-BOUNTY.md documentation, which removes all references to the HackerOne program. […]
Zeroday Cloud hacking event awards $320,0000 for 11 zero days
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. The first hacking event focused on cloud systems, the competition is hosted by Wiz Research in partnership with Amazon Web Services, Microsoft, and Google Cloud. The researchers were successful in 85% of the […]
Microsoft bounty program now includes any flaw impacting its services
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. This policy shift was announced at Black Hat Europe on Wednesday by Tom Gallagher, vice president of engineering at Microsoft Security Response Center. As Gallagher explained, attackers don’t distinguish between Microsoft […]
Google’s new AI bug bounty program pays up to $30,000 for flaws
This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company’s AI systems. The new bug bounty program focuses on the most impactful issues in the highest-profile AI products, including but not limited to Google Search (on google.com), Gemini Apps (Web, Android, and iOS), […]
Zeroday Cloud hacking contest offers $4.5 million in bounties
A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets. The contest is launched by the research arm of cloud security company Wiz in partnership with Google Cloud, AWS, and Microsoft, and is scheduled for […]
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne has paid $81 million in rewards to white-hat hackers worldwide over the past 12 months. HackerOne manages over 1,950 bug bounty programs and provides vulnerability disclosure, penetration testing, and code security services to many organizations. Its list of customers includes high-profile companies such as Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, […]
Microsoft pays record $17 million in bounties over the last 12 months
Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. Between July 2024 and June 2025, the researchers submitted a total of 1,469 eligible vulnerability reports, with the highest individual bounty reaching $200,000. These reports helped resolve more than 1,000 potential security vulnerabilities across various […]
Microsoft increases Zero Day Quest prize pool to $5 million
Microsoft will offer up to $5 million in bounty awards at this year’s Zero Day Quest hacking contest, which the company describes as the “largest hacking event in history.” Last year’s Zero Day Quest has also generated significant participation from the security community, following Microsoft’s offer of $4 million in rewards for vulnerabilities in cloud and AI products […]