Pwn2Own Berlin 2026 concluded on May 18, 2026 with researchers demonstrating zero-day exploits across multiple competition categories and earning $1.3 million in total prizes. Targets included Windows 11, Microsoft Edge, Red Hat Linux, Nvidia, and — for the first time in the competition’s history — dedicated AI agent platform targets. Successful compromises across all AI category targets marked Pwn2Own’s first public validation that enterprise AI tooling presents a distinct and exploitable attack surface.
Final Results: $1.3 Million Awarded Across Windows, Linux, Nvidia, and AI Targets
The competition ran for three days, with researchers competing in categories covering operating systems, browsers, virtualization, and container infrastructure, alongside the newly added AI platform targets. The $1.3 million in prizes awarded across the full event reflects the scope of successfully demonstrated exploits, with each category carrying separate prize tiers based on target difficulty and exploit complexity.
Under Pwn2Own rules administered by Trend Micro’s Zero Day Initiative, all demonstrated vulnerabilities were reported to affected vendors immediately following demonstration. Vendors have a defined window to release patches before ZDI publishes full technical details publicly.
AI Agent Platforms: First Pwn2Own Category Produces Successful Exploits on All Targets
The AI agent category, introduced for the first time in Pwn2Own Berlin 2026, produced successful exploits across all dedicated AI platform targets. These platforms are used in enterprise environments to build, deploy, and manage AI-powered applications and agents.
A clean sweep of every AI category target, in the first year the competition included AI tooling, provides concrete evidence that these platforms carry exploitable vulnerabilities. Enterprise deployments of AI agent frameworks that handle sensitive data or have access to other systems now face demonstrated exploit paths that will require patching within the ZDI disclosure window.
The 90-Day Vendor Window and What Comes Next for Affected Platforms
Microsoft, Red Hat, Nvidia, and the operators of the AI platforms all received vulnerability reports from ZDI immediately following the demonstration of exploits against their products. Each has a defined window to issue patches before ZDI releases public technical disclosures. For actively maintained commercial products such as Windows 11 and Microsoft Edge, patches typically arrive within the standard Patch Tuesday cycle. For open-source AI frameworks in the category, release timelines depend on the maintainers’ development velocity.
The AI category results carry implications beyond the individual platforms exploited. Winning Pwn2Own exploits frequently represent vulnerability classes that other researchers independently discover and exploit in the wild, so the defined vendor window is the period in which fixes must ship before the demonstrated attack paths become more widely known outside the controlled competition environment.
The zero-days demonstrated at Pwn2Own Berlin 2026 collectively represent a significant cross-section of the enterprise software stack: container infrastructure through Nvidia, the browser layer through Edge, the OS layer through Windows 11 and Red Hat Linux, and — newly — the AI application layer.
