Breaking Boundaries – 13-Year-Old Dylan Teams Up with Microsoft’s Security Experts

In a field often dominated by seasoned professionals, 13-year-old Dylan has turned heads by becoming the youngest researcher to collaborate with the Microsoft Security Response Center (MSRC).

His journey combines early curiosity, technical prowess, and a drive to enhance digital safety for millions, providing an inspiring blueprint for aspiring cybersecurity enthusiasts of any age.

From Scratch to Security – The Making of a Young Researcher

Dylan’s fascination with coding began in elementary school with Scratch, the visual programming language beloved by kids worldwide.

Where others saw a game, Dylan glimpsed the architecture of technology, quickly advancing to HTML and dissecting the source code of educational software.

By fifth grade, he was experimenting with platform functionalities, including unlocking games before lesson completion, a misadventure that would foreshadow his future as a security researcher.

His problem-solving instincts gained a sharper edge during the COVID-19 pandemic, when school restrictions limited students’ ability to create Teams meetings.

Dylan ingeniously leveraged Outlook to restore his classmates’ connectivity, not to break rules, but to foster a sense of community in an isolating time.

This marked the first of several creative “workarounds” that would soon evolve into proper security research.

Technical Triumphs – Vulnerabilities and Responsible Disclosure

The pivotal moment in Dylan’s journey occurred when his school blocked the creation of Teams chats. Rather than giving up, Dylan immersed himself in self-study, poring over documentation and experimenting with platforms.

After nine months, he discovered a significant vulnerability: a design flaw allowing takeover of any Teams group, exposing the potential for privilege escalation and data compromise.

Dylan responsibly disclosed his findings to Microsoft’s Bug Bounty program, prompting a landmark policy change that allowed researchers as young as 13 to participate.

Since then, he has filed over 20 vulnerability reports, including a critical Authenticator Broker issue that was initially deemed out of scope.

Through clear technical communication and persistence, Dylan convinced MSRC of the risk’s broader impact. As a result, Microsoft expanded the scope of its bug program, underscoring its influence.

Recognition, Resilience, and What’s Next

Dylan’s partnership with MSRC has blossomed, earning him spots on the Most Valuable Researcher list in 2022 and 2024. In April 2025, he clinched 3rd place at Microsoft’s Zero Day Quest, competing against top-tier security experts on a global stage.

Yet the road wasn’t always smooth; misunderstood reports and a health crisis that temporarily robbed him of his voice tested his resilience.

With the support of his family, Dylan’s determination only grew. Now a high school junior balancing academics, Science Olympiad, and music, he remains deeply involved in security research.

Dylan’s story proves that innovation, ethical hacking, and meaningful impact are within reach, no matter your age. With dreams of attending future security conferences and continuing to expand his expertise, this remarkable teen’s journey is just beginning.