The Pwn2Own Berlin 2026 event concluded with hackers earning an impressive $1.3 million for successfully exploiting vulnerabilities in various software and hardware platforms. Major targets included Windows, Linux, VMware, Nvidia, and AI products. This renowned competition, organized by TrendAI’s Zero Day Initiative (ZDI), saw participants identifying 47 unique vulnerabilities and receiving a total of $1,298,250 in rewards.
Top Performers and Their Achievements
Two teams, Devcore and StarLabs SG, dominated the event by capturing nearly $750,000 of the total prize money. Devcore achieved the highest individual payout, securing $200,000 for a remote code execution exploit on Microsoft Exchange with System privileges. Additionally, they earned $175,000 for a sandbox escape on Microsoft Edge and $100,000 for exploiting Microsoft SharePoint.
StarLabs SG made headlines with a successful VMware ESX exploit, earning $200,000. This exploit featured a cross-tenant code execution add-on, showcasing their technical prowess. VMware had previously announced that participants could earn up to $200,000 for ESX exploits, making this achievement particularly noteworthy.
AI Product Vulnerabilities and Other Exploits
AI products were a significant focus this year, with numerous successful attempts. Participants were awarded $40,000 for exploiting vulnerabilities in LiteLLM, OpenAI Codex, and LM Studio. Additional exploits targeted Cursor and Ollama, earning hackers $15,000 to $30,000 and $28,000 respectively, the latter involving a known vulnerability.
There were also significant rewards for vulnerabilities in OpenAI Codex, Claude Code, LM Studio, NVIDIA Megatron Bridge, and Chroma, each earning $20,000. Collectively, the event demonstrated the ongoing challenges and opportunities in securing AI technologies.
Challenges and Future Outlook
Despite numerous successes, eight attempts failed. These targeted platforms such as Oracle Autonomous AI Database, Safari, and Red Hat Enterprise Linux. This highlights the complexity and evolving nature of cybersecurity challenges.
International Cyber Digest reported that some teams were unable to participate due to a lack of available slots, leading certain hackers to directly disclose their findings to vendors or publicly share their exploits. This underscores the high demand and competitive nature of such events.
Looking ahead, the insights gained from Pwn2Own are expected to drive advancements in cybersecurity measures, particularly in the AI domain. As vulnerabilities continue to emerge, the cybersecurity community remains vigilant in addressing these threats.
