Overview

Our member competed on day 3 of Pwn2Own Berlin 2026 and successfully exploited OpenAI Codex in the Coding Agent Category. OpenAI Codex is an AI coding agent, so this entry is an exploitation case against an AI agent. The prize earned was $20,000 and 4.0 Master of Pwn Points.

The OffensiveCon badge, marker of a Pwn2Own contestant

What is Pwn2Own

Pwn2Own is the premier hacking competition organized by Trend Micro's Zero Day Initiative (ZDI). Security researchers from around the world demonstrate exploits of previously undisclosed vulnerabilities (0-days) against real-world targets, earning substantial cash prizes and Master of Pwn Points. This year's Pwn2Own Berlin 2026 was held over three days from May 14 to May 16 at the OffensiveCon venue in Berlin.

For details on the contest rules (time limits, attempt order drawing, prize reduction for subsequent attempts, bug collisions, etc.), please refer to the "Contest Rules" section in our day 1 article.

Day 3 Results

Minutes before the demonstration, at stage-side
The moment of successful exploitation against OpenAI Codex

The initial prize value for this target was $40,000 and 4.0 Master of Pwn Points. The vulnerability used was an independently discovered, undisclosed 0-day with no overlap in exploit technique with other entries, so it is not a bug collision. However, as a subsequent entry against the same target, the prize was reduced to half ($20,000) per the rules. Master of Pwn Points were awarded in full at 4.0 points.

Disclosure Outside the Contest

Counting the two entries from day 1 and this article's entry, we submitted a total of three entries to this contest. However, due to the large number of participating teams this year and the rapid filling of category slots, approximately six additional products could not be entered. These vulnerabilities are being reported individually to each product's developer in accordance with responsible disclosure procedures.

In addition to the vulnerability used in this entry, our member has discovered another OpenAI Codex vulnerability that is also being reported individually to OpenAI.

On Technical Details

In accordance with Pwn2Own rules, the technical details of this entry will be published only after vendor fixes and Zero Day Initiative's coordinated disclosure process. At the time of this article, internal component details and PoCs are withheld.

Ongoing Vulnerability Research

We have developed a proprietary approach that leverages LLMs for vulnerability research, and we will continue investigating AI/LLM stacks, including AI agents, and other major software. As demonstrated by our exploitation of an AI agent in this contest, AI agents have become a real attack surface. Drawing on our hands-on vulnerability discovery expertise, we also provide security assessment and consulting services tailored to AI agents. If you are interested, please feel free to contact us.