Microsoft has published a blog about one of its youngest and most outstanding security researchers. Rising star ‘Dylan’ began his relationship with Microsoft at age 13, and it has been revealed that he is the single reason why the software giant updated its Bug Bounty Program terms to allow 13-year-olds to participate, a few years back.
Since that incredibly early start with Microsoft, Dylan has gone on to be named on the Microsoft Security Response Center (MSRC) Most Valuable Researcher list for both 2022 and 2024. The Microsoft blog also noted that he “competed at Microsoft’s Zero Day Quest—a premier onsite hacking event in Redmond, Washington—and took home 3rd place” in April 2025.
In the beginning
As per our headline, Dylan’s remarkable path to becoming a rising star at Microsoft started at age 13. Well before that, he began to carve his path in computing, pre-teens, by learning Scratch, followed by HTML, and then moving on to other languages.
The Microsoft blog says that he was “analyzing source code behind educational platforms” by age 10 or 11 (5th grade), and actually got in a little trouble for unlocking games on school computers using these newly acquired skills.
“The world of responsible disclosure”
Dylan’s brush against the wrong side of rules and regulations continued with his bypassing of student access restrictions to networks during the COVID-19 lockdown era. However, he didn’t stray too far into black hat territory. His next ‘breakthrough’ was when “he discovered a vulnerability that let him take over any Teams group.” Importantly, he decided to tell Microsoft (MSRC) about this, and that “marked his entry into the world of responsible disclosure.”
Shortly after this milestone, Dylan submitted his first official vulnerability report to Microsoft, and this is when the Bug Bounty Program terms were modified to place him, and any other 13-year-olds, under its wings. Thus, he officially became the “youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC).”
With his general education still to contend with, and the natural requirement to balance studies with some physical hobbies and activities, it also seems remarkable that Dylan has continued to make big contributions to MSRC.
He is still a junior in high school (likely age 16 or 17), according to the new Microsoft blog post. However, he “filed 20 vulnerability reports last summer alone—up from just six total beforehand,” in what must have been limited free time. Moreover, in April, Dylan came 3rd in Microsoft’s Zero Day Quest hack event.
Even with so many outstanding milestones of success under his belt, Dylan is said to view computer security merely as a rewarding hobby. After academia, Dylan may continue work in the cybersecurity realm, but he seems to be equally open to “science, or civics.”
Still, Dylan looks forward to attending security conferences when old enough, meeting fellow researchers, and learning from the best.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
