Vulnerabilities & CVEs

Windows 11 & Edge Hacked: Pwn2Own Berlin 2026 Zero-Days

At Pwn2Own Berlin 2026, security researchers collected $523,000 on the first day alone for exploiting 24 unique zero-days. The biggest scalp? Microsoft Edge.


Key Takeaways

  • Over $523,000 was awarded for 24 zero-day exploits on the first day of Pwn2Own Berlin 2026.
  • Microsoft Edge was exploited by chaining four logic bugs into a sandbox escape, and Windows 11 fell to three separate privilege-escalation zero-days.
  • AI development tools like OpenAI Codex and LiteLLM were also targets, raising concerns about software supply chain security.

By the end of the first day at Pwn2Own Berlin 2026, security researchers had already collected $523,000 for 24 distinct zero-day vulnerabilities. A large haul is nothing new for this contest; the volume and the targets are what grab attention. These are critical enterprise and consumer-facing products, the kind that form the bedrock of how businesses operate and how we connect.

The headline grabber was Orange Tsai's demonstration: four logic bugs chained together into a sandbox escape in Microsoft Edge, earning $175,000. Four separate flaws, woven together, to get past the primary isolation boundary of one of the world's most widely used browsers. This isn't a single glitch; it's a carefully constructed cascade, and logic bugs are the uncomfortable kind, because memory-safety mitigations such as ASLR and control-flow integrity do nothing against an exploit that only ever uses the software's intended functionality in an unintended order.

And Windows 11 wasn't spared. Three separate entries, Angelboy and TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane of GMO Cybersecurity, each earned $30,000 for a privilege-escalation zero-day: code running as a low-privileged user gained higher privileges than it should have, the classic second stage once an attacker has an initial foothold.

Beyond the Microsoft ecosystem, the damage spread. Valentina Palmiotti of IBM X-Force Offensive Research earned $20,000 for compromising Red Hat Linux for Workstations and another $50,000 for a zero-day targeting the NVIDIA Container Toolkit. That toolkit mediates GPU access between containers and the host, so a flaw in it sits on the container/host trust boundary that GPU-backed cloud deployments depend on. The containerization world just got a stark reminder that its isolation isn't a foregone conclusion.

The AI Angle: Not Just Pretty Code

The race to exploit AI models and related infrastructure is also heating up. We saw k3vg3n chain three bugs to compromise LiteLLM, earning $40,000. Satoki Tsuji and haehae found zero-days in the NVIDIA Megatron Bridge, nabbing $20,000. And in a particularly concerning development for those relying on AI for coding, Compass Security and maitai of Doyensec both hacked OpenAI’s Codex coding agent, each collecting $40,000. This isn’t just about stealing code; it’s about potentially injecting malicious code or disrupting the very tools developers use to build secure applications.

Even the less prominent players in the AI toolkit space are targets. haehae dropped a Chroma zero-day for $20,000, and STARLabs SG took down an LM Studio zero-day for $40,000. These smaller tools, often integrated into larger workflows, represent potential weak links in the entire AI supply chain.

The DEVCORE Research Team is now leading the competition with $205,000, followed by Valentina Palmiotti with $70,000. This isn’t just about individual wins; it’s about sustained, high-level research.

What’s striking here is the sheer breadth of the attacks. We’re seeing exploitation across browsers, operating systems, containerization tech, and increasingly, AI development platforms. The prize pool for the entire contest exceeds $1 million, a testament to the complexity and high value of these vulnerabilities. Vendors have 90 days from disclosure to ship fixes; the clock is ticking.

What Does This Mean for Your Security Posture?

This isn’t just a technical exercise for a few dozen researchers. Pwn2Own Berlin, like its North American counterpart, is a high-stakes bellwether for the cybersecurity landscape. The zero-days discovered here are not theoretical. They represent active, exploitable pathways into systems that millions, if not billions, of users and businesses rely on daily. The fact that Windows 11 and Microsoft Edge, heavily hardened targets, are repeatedly falling to sophisticated chaining techniques is a stark warning.

The trend toward chaining several individually modest bugs into one high-impact exploit is the critical development here. An attacker no longer needs a single catastrophic vulnerability; a sandbox escape can be assembled link by link from bugs that, scored in isolation, would sit far down a CVSS-sorted patch queue. That is the practical problem for defenders: prioritising by per-bug severity does not see the chain. It calls for a shift in security thinking, from patching known CVEs in score order to modelling the attack paths those bugs compose into and cutting them at their chokepoints.

And let’s not overlook the AI angle. The ability to compromise coding agents like OpenAI Codex is a direct threat to software integrity. Imagine a developer using a compromised tool that subtly injects backdoors into their code without them ever knowing. It’s the digital equivalent of a poisoned well, and the implications for supply chain security are profound.

Microsoft and NVIDIA, in particular, have significant work ahead. While the disclosure process allows for remediation, the speed at which these vulnerabilities are being weaponized in contests like this is a constant race against time. Expect to see patches, but also expect the next wave of attacks to target the vulnerabilities that weren’t found this week.


Frequently Asked Questions

What kind of software was targeted at Pwn2Own Berlin 2026?

Security researchers targeted a wide range of software including Microsoft Edge, Windows 11, Red Hat Linux, NVIDIA Container Toolkit, LiteLLM, NVIDIA Megatron Bridge, OpenAI Codex, LM Studio, and Chroma.

How much money was awarded in total?

On the first day alone, security researchers collected $523,000 in cash awards for exploiting 24 unique zero-day vulnerabilities.

What is the typical disclosure period for these vulnerabilities?

Vendors generally have 90 days to release security fixes for their software and hardware products after the zero-day flaws are disclosed during the Pwn2Own competition.

Written by Maya Thompson

Threat intelligence reporter. Tracks CVEs, ransomware groups, and major breach investigations.



Originally reported by Bleeping Computer
