Last week TrendAI™ celebrated the efforts of the global security research community at Pwn2Own Berlin. Pwn2Own Berlin is one of the world’s leading ethical hacking competitions, organised by Trend Micro’s Zero Day Initiative (ZDI) and hosted alongside the OffensiveCon cybersecurity conference in Berlin.
Contestants, also referred to as “security researchers”, discovered and disclosed 47 unique zero-day vulnerabilities across categories including AI databases, coding agents, web browsers, enterprise applications, servers, and more.
The 2026 event became one of the largest and most significant event yet, with researchers earning more than $1.2 million in prize money over three days. Targets included Microsoft Windows and Exchange, VMware ESXi, NVIDIA platforms, containers, AI coding agents, local AI inference tools and cloud-native technologies.
Rachel Jin, Head of TrendAI, commented:
“TrendAI™ uses the deepest threat intelligence in the industry to protect our customers. We use the vulnerabilities discovered at Pwn2Own to empower vendors to patch these vulnerabilities quickly, while also offering our customers protection well ahead of the rest of the industry via virtual patching. As AI tools and infrastructure continue to become central to businesses functions, staying ahead of vulnerabilities will be as critical as ever.”
NVIDIA joined the event as a first-time sponsor of Pwn2Own, bringing its own category of products for researchers to target for vulnerability disclosures. Megatron Bridge, NV Container Toolkit, and Dynamo were included.
The disclosures made through TrendAI™ ZDI at Pwn2Own and year-round allow vendors to quickly understand and fix vulnerabilities before cybercriminals exploit them, ultimately benefiting organisations and end users of the impacted software or hardware.
TrendAI™ research has shown that vendors are increasingly neglecting to patch software vulnerabilities that are disclosed to them. Through TrendAI™ ZDI’s coordinated disclosure process, TrendAI Vision One™ customers receive are protected an average of three months ahead of the rest of the industry.
Highlights from the event included:
- Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning $200,000. They also chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000.
- Splitline (@splitline) of DEVCORE Research Team chained 2 bugs to exploit Microsoft SharePoint, earning $100,000.
- Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning $200,000 and 20 Master of Pwn points.
- Chompie of IBM X-Force Offensive Research (XOR) used a single bug to exploit NV Container Toolkit, earning $50,000.
A total of $1,298,250 in prizes were awarded to the participants. The next competition, Pwn2Own Cork, will be in 2026, it is generally held in October.
Related Post: Christina Decker is now Vice President Strategic Channels Europe at TrendAI
Related Post: Matthew Peacock recently joined TrendAI in the position of Channel Account Manager.
