Particle.news
Download on the App Store
4 ARTICLES
·
4d ago

Microsoft Profiles Teen Cybersecurity Whiz Who Redefined Its Bug Bounty Program

Microsoft highlights how Dylan’s discovery at 13 prompted an age-limit change that broadened its bug bounty program’s scope.

Image
Image
Dylan, a school student, has become one of Microsoft’s youngest and most celebrated security researchers, balancing studies and bug-hunting.

Overview

  • At 13, Dylan became the youngest MSRC collaborator after identifying a Teams vulnerability that let him take over any group chat.
  • His first official report led Microsoft’s Bug Bounty Team to lower its minimum participation age to 13.
  • Last summer, he filed 20 vulnerability reports—a major jump from six previously—and earned a spot on MSRC’s Most Valuable Researcher list in both 2022 and 2024.
  • In April 2025, Dylan placed third at Microsoft’s on-site Zero Day Quest event in Redmond, Washington, cementing his standing among top global researchers.
  • His detailed submission on the Authenticator Broker service prompted MSRC to expand its program scope to include new categories of vulnerabilities.