Overview
One of our members competed on day 1 of Pwn2Own Berlin 2026 and successfully exploited two AI-related targets. The total prize was $28,000 and 3.75 Master of Pwn Points.

What is Pwn2Own
Pwn2Own is the premier hacking competition organized by Trend Micro's Zero Day Initiative (ZDI). Security researchers from around the world demonstrate exploits of previously undisclosed vulnerabilities (0-days) against real-world targets, and successful demonstrations are rewarded with substantial cash prizes and Master of Pwn Points.
Pwn2Own Berlin 2026 is being held over three days from May 14 to May 16, at the OffensiveCon venue in Berlin.
Contest Rules
Time Limits and Order
Each entry is given a 30-minute window, within which the contestant may attempt the exploit up to three times, with each attempt capped at 10 minutes.
The order of attempts against each target is determined by a random drawing held the day before the contest (May 13 this year); when multiple teams enter the same target, the drawing fixes who attempts first, second, and so on. Prizes are reduced stepwise by attempt order: 100% for the first attempt, 50% for the second and third, and 25% for all remaining. This reduction is based purely on attempt order and applies even when the vulnerability is a unique 0-day independently discovered by the team. Master of Pwn Points, however, are not subject to attempt-order reduction and are awarded in full as long as the exploit is unique.
Bug Collisions
If a vulnerability prepared by a contestant is determined to already be known to the vendor or to have been previously reported by another researcher, it is treated as a "bug collision" and both the prize and Master of Pwn Points are reduced.
The reduction is calculated per bug: only the colliding portion of the exploit chain is discounted to 50%, while unique portions remain at 100%. For example, in a 4-bug chain in a $40,000 category (each bug valued at $10,000) with 2 colliding bugs, the 2 unique bugs are worth $20,000 (100%) and the 2 colliding bugs are worth $10,000 (50%), for a total of $30,000.
Day 1 Results
- NVIDIA Megatron Bridge (NVIDIA Category): $20,000 / 2.0 pts
  - Exploited via an Overly Permissive Allowed List bug
- LiteLLM (Local Inference Category): $8,000 / 1.75 pts
  - The on-stage exploit itself succeeded, but the bugs used were determined to be previously known. The entry was treated as a collision, and the bounty and points were reduced from the original $40,000 / 4.0 pts per the rules.


Methodology and Disclosure Outside the Contest
Our vulnerability discovery takes a hybrid approach: LLM-assisted analysis combined with our members' expertise and manual analysis. The entries brought to this contest were also built using this method.
We submitted a total of three entries to this contest. However, due to the large number of participating teams this year and the rapid filling of category slots, approximately six additional products could not be entered. The vulnerabilities found in those products are being reported individually to each product's developer in accordance with responsible disclosure procedures.
On Technical Details
In accordance with Pwn2Own rules, the technical details of these entries will be published only after vendor fixes and the Zero Day Initiative's coordinated disclosure process. As of this writing, internal component details and PoCs are withheld.
Ongoing Vulnerability Research
We have developed a proprietary approach that leverages LLMs for vulnerability research, and we will continue investigating major software including AI and LLM stacks. Based on this hands-on vulnerability discovery expertise, we provide AI-driven security assessment and consulting services. If you are interested, please feel free to contact us.