Microsoft rewards 13-year-old for security discovery

Dopious

“Dylan” made the company rewrite the rules for its bug bounty program.

In a new blog post, the Microsoft Security Response Center writes about "Dylan", a young man who has made a significant impact among security researchers at the large company in recent years.

It all started in 2020 during the pandemic. Dylan’s school was using Microsoft Teams, and after a while, the school administration turned off the ability for students to create meetings in the program. Dylan wanted to get around that obstacle and help his friends, and soon found a way to get around the rule using Outlook.

When the school later turned off the ability for students to create chats, Dylan started to tinker and after nine months of self-study, exploration, and various attempts, he found a vulnerability that allowed him to take control of a group.

He realized that this was a real security flaw that Microsoft should fix, and submitted a report. Microsoft security researchers were so impressed by it that they rewrote the rules of the company's bug bounty program so that they could reward him.

Since then, Dylan has continued to dig into various Microsoft systems, finding additional vulnerabilities, and successfully argued for the company to reverse a decision that deemed a vulnerability outside of Microsoft's control. He took third place in Microsoft's Zero Day Quest competition in April 2025, despite still only being in high school.

Source: https://msrc.microsoft.com/blog/2025/07/rising-star-meet-dylan-msrcs-youngest-security-researcher/
 
There's also a Microsoft bug with parent settings as well.

If you add on parent filters etc.

The child can get around that if they open a link in Outlook via an email, as it opens a browser window within the mail app.

They can get around safe or browsing settings set by the adult or MS account holder.
 