Zero-days vanish.
The annual Pwn2Own Berlin hacking contest, a crucible for cutting-edge vulnerability discovery, just wrapped up, leaving a trail of meticulously exploited systems and a hefty payout for the victors. Security researchers walked away with a cool $1,298,250 after uncovering and demonstrating 47 previously unknown flaws, or zero-days, in fully patched enterprise software and AI systems. This isn’t just about finding bugs; it’s a high-stakes arms race played out on a global stage, showcasing the ever-present, often invisible, threats lurking beneath the surface of our digital infrastructure.
The competition, held at the OffensiveCon conference from May 14th to 16th, zeroed in on the technologies that power modern business and the emerging artificial intelligence tools that promise to reshape it. Browsers, enterprise applications, servers, cloud-native environments, virtualization platforms, and critically, Large Language Models (LLMs) were all fair game. Think of it as a live-fire exercise for the digital world’s defenders, with one catch: the attackers arrive knowing exactly where they will strike, and the targets do not.
Early returns on day one were strong, with $523,000 distributed for 24 unique zero-days. Day two saw an additional $385,750 awarded for 15 more discoveries. The final day, often where the most complex chains emerge, tacked on another $389,500 for eight critical vulnerabilities. This steady drip of high-value findings underscores the sheer volume of undiscovered issues that persist even in supposedly hardened systems.
DEVCORE, a formidable force in the bug-hunting arena, clinched the coveted Master of Pwn title this year, amassing an impressive 50.5 points and a staggering $505,000. Their mastery was on full display as they dissected Microsoft SharePoint, Microsoft Exchange, Microsoft Edge, and Windows 11. Hot on their heels were STARLabs SG, raking in $242,500 (25 points), and Out Of Bounds, securing $95,750 (12.75 points). These teams aren’t just finding bugs; they’re architecting complex attack paths that often involve chaining multiple vulnerabilities together.
The largest single payout of the contest? A cool $200,000, claimed by Cheng-Da Tsai, known in researcher circles as Orange Tsai, also from the DEVCORE Research Team. His feat? A breathtaking chain of three bugs on Microsoft Exchange, ultimately granting him remote code execution with SYSTEM privileges – the digital equivalent of walking through the front door and being handed the keys to the kingdom.
Tsai’s exploits weren’t limited to Exchange. He also nabbed $175,000 for a Microsoft Edge sandbox escape built from a clever string of four logic bugs. Windows 11, that ever-present target, was compromised three times over the course of the event. Meanwhile, Valentina Palmiotti of IBM X-Force Offensive Research snagged $70,000 for not one, but two significant findings: rooting Red Hat Enterprise Linux for Workstations and exploiting a zero-day in NVIDIA’s Container Toolkit. The latter is particularly telling: the Container Toolkit is the component that hands GPUs to containers, so a flaw there sits squarely on the boundary that GPU-hosting and AI infrastructure relies on to keep workloads apart.
Day two continued the onslaught with more Windows 11 privilege escalation, further breaches of Red Hat Enterprise Linux, and crucially, zero-days found in multiple AI coding agents. This is where things get particularly interesting: these agents run with a developer’s credentials and can read repositories and execute commands, so a compromised agent is not merely a broken assistant but a foothold on developer workstations and build pipelines. On the final day, Windows 11 and Red Hat Enterprise Linux were targeted again, alongside a memory corruption bug that led to the exploitation of VMware ESXi, a cornerstone of many cloud and virtualization deployments.
The aftermath of Pwn2Own is a predictable dance. Vendors are granted a 90-day window to develop and deploy patches before Trend Micro’s Zero Day Initiative (ZDI), the organization behind the contest, publicly discloses the vulnerabilities. This gives them a chance to remediate, but it also means that for a significant period these flaws remain unpatched in production systems, with the details held privately by the researchers, the ZDI, and the affected vendors. It’s a system designed to incentivize discovery while mitigating immediate widespread risk – a necessary compromise in the constant battle for digital security. For defenders, the practical takeaway is that the 90-day clock is the window in which to watch for the corresponding vendor advisories and prioritize those patches. Last year’s Berlin event, for comparison, saw ZDI award over $1 million for 29 zero-days, indicating a clear upward trend in both the number and value of discovered flaws.
Why Does Pwn2Own Matter for Enterprise Security?
This isn’t just a game for bragging rights or a payday for elite hackers. The vulnerabilities demonstrated at Pwn2Own represent the bleeding edge of what’s possible with exploit development. They highlight weaknesses in fundamental components that organizations rely on daily. When a platform as ubiquitous as Microsoft Exchange or Windows 11 is shown to have exploitable flaws, it sends a shiver through any IT department. More importantly, the focus on AI coding agents and containerization reflects the shifting landscape of threats. As organizations adopt new technologies, attackers are quick to find the new attack vectors.
What’s the Architectural Shift Here?
The most significant architectural shift is the inclusion and success of exploits against AI systems, specifically LLMs and AI coding agents. For years, bug bounty programs and contests have focused on traditional software stacks – operating systems, browsers, web applications. Now, the very tools designed to accelerate development and analysis are becoming prime targets. This implies a need for new security paradigms, not just for the AI models themselves, but for the infrastructure and pipelines that support them. It’s no longer just about patching CVEs in your web server; it’s about understanding how an attacker could weaponize the AI that writes your code or analyzes your data. The success of chained exploits, like Orange Tsai’s work, also points to a more systemic problem: seemingly minor flaws can combine to create catastrophic outcomes. This necessitates a move towards more holistic security, where the interaction between components is as scrutinized as the components themselves.
The sheer dollar amount is eye-popping, yes. But the real story here is how deeply embedded and yet how fragile the foundations of enterprise and AI computing remain. The researchers at Pwn2Own Berlin 2026 have once again reminded us that the attackers are always innovating, and so must we.
Frequently Asked Questions
What is Pwn2Own Berlin? Pwn2Own Berlin is a cybersecurity competition where security researchers demonstrate previously unknown vulnerabilities, known as zero-days, in enterprise software and hardware for cash prizes and prestige.
How much did hackers earn at Pwn2Own Berlin 2026? Hackers earned a total of $1,298,250 for exploiting 47 zero-day flaws at Pwn2Own Berlin 2026.
Will the vulnerabilities found be patched? Yes, the vendors whose products were exploited have 90 days to release security patches before Trend Micro’s Zero Day Initiative publicly discloses the vulnerabilities.