Tuesday, July 15, 2025
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.
Monday, July 07, 2025
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this quarter here.
Tuesday, July 01, 2025
At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security Dylan’s fascination with technology began early. Like many kids, he started with Scratch—a visual programming language for making simple games and animations.
Wednesday, June 25, 2025
As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In response, we’ve developed and deployed a new mitigation in Windows 11 called RedirectionGuard.
Friday, May 09, 2025
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q1 Security Researcher Leaderboard are 0x140ce, VictorV, Vaisha Bernard of Eye Security! Check out the full list of researchers recognized this quarter here.
Monday, April 21, 2025
This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud with up to $4 million in potential awards.
Friday, March 14, 2025
We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (IEEE SaTML). The overall aims of this challenge were to advance the state-of-the-art defenses against indirect prompt injection attacks and to broaden awareness of these new techniques.
Thursday, March 13, 2025
Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to promote awareness and encourage system designers to implement appropriate safeguards.
Friday, February 07, 2025
At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot (AI) Bounty Program. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain robust, safe, and secure.
Tuesday, January 21, 2025
Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development Lifecycle is security testing, which aims to discover and mitigate security vulnerabilities before adversaries can exploit them.
