VYPR
Research. Published Jun 1, 2026

Pwn2Own Berlin 2026 Shatters Records with 47 Zero-Days, AI Security Takes Center Stage

The Pwn2Own Berlin 2026 hacking competition saw a record $1.29 million awarded for the exploitation of 47 zero-day vulnerabilities, with AI-powered targets and tools dominating the event.

Pwn2Own Berlin 2026, the premier hacking competition organized by Trend Micro's Zero Day Initiative (ZDI), concluded by setting new benchmarks, with researchers discovering and successfully exploiting 47 unique zero-day vulnerabilities across ten target categories. The event, co-located with OffensiveCon in Berlin, awarded a record-breaking $1,298,250 in prize money, underscoring the significant security flaws uncovered in widely deployed software.

The competition saw a dramatic shift towards AI-related targets, with dedicated sub-categories for AI Databases, Coding Agents, Local Inference, and NVIDIA products. These categories were the primary focus on the opening day, with researchers successfully compromising platforms such as OpenAI Codex, LiteLLM, LM Studio, and NVIDIA Megatron Bridge. The common thread among these exploits was the "trust boundary problem," where AI products implicitly trust external tools or protocols without adequate validation, leading to root-level code execution.

Beyond the AI landscape, traditional enterprise software also proved vulnerable. Microsoft Exchange and SharePoint were targeted with critical remote code execution (RCE) vulnerabilities, including a pre-authentication RCE for SharePoint. Microsoft Edge also succumbed to a four-bug sandbox escape. In a significant finding for multi-tenant environments, VMware ESXi was exploited to achieve a guest-to-host escape, posing substantial risks to infrastructure security.

AI's influence extended beyond the target list, as most participating research teams reported using AI agents as integral tools in their vulnerability discovery and exploit development processes. This widespread adoption of AI in offensive security research signals a potential acceleration in the discovery and exploitation of new vulnerabilities, compressing the timeline between product release and the availability of working exploits.

The DEVCORE Research Team emerged as the dominant force, clinching the Master of Pwn title with 50.5 points and $505,000 in prize money. STARLabs SG secured second place, followed by Out of Bounds in third, highlighting the intense competition and the high caliber of research presented.

Trend Micro's TrendAI™ platform played a crucial role in observing the competition and providing proactive protection. By May 19, ahead of vendor patches, TrendAI™ TippingPoint™ filters were developed to cover vulnerabilities in LiteLLM, Edge, Exchange, and SharePoint. For AI-specific vulnerabilities where traditional network inspection is challenging, TrendAI Vision One™ is recommended for endpoint-layer detection.

All vulnerabilities demonstrated at Pwn2Own are disclosed to affected vendors, who are given 90 days to issue patches before TrendAI™ ZDI publishes full technical details. This coordinated disclosure model aims to ensure that customers are protected during the critical window between disclosure and patch availability, reinforcing ZDI's mission to find and fix critical vulnerabilities.

The success of Pwn2Own Berlin 2026, where submissions closed early due to high demand, indicates growing interest and participation in bug bounty programs, further fueled by the evolving threat landscape shaped by AI technologies.

Synthesized by Vypr AI