Pwn2Own 2026: Exploit competition in Berlin (Image: Christopher Kunz / heise medien)

Exploit specialists from around the world competed at the vulnerability competition and took home nearly $1.3 million in prize money.

The conversations in the small room at Berlin's Hilton Hotel fall silent as everyone stares at one of the three laptop-equipped tables. Two men sit there, one wearing earbuds, looking intently at the screens. Then a guttural shout: Sina Kheirkhah jumps up and covers his face with his hands in relief. He has just successfully executed an exploit against Claude Code and earned $40,000 for it. Or so he thinks at that moment. Later it turns out that the vulnerability found by Kheirkhah, a member of the "Summoning Team", was already known to Claude maker Anthropic, and his reward is cut to a quarter. Mainly because AI is now used to find vulnerabilities at scale, there were 42 percent more duplicates this year (10 instead of 7), that is, vulnerabilities the vendor already knew about.

AI as an executing agent

There were also withdrawals and non-functional exploits, possibly due to major security updates shortly before the event. Both the Microsoft patch day [2] and an extensive Firefox update [3] were only days old and apparently rendered some vulnerabilities useless for the competition. In conversation with heise security, Brian Gorenc of Trend Micro's Zero Day Initiative (ZDI) saw the collisions as a good sign: many software vendors now find the same vulnerabilities as professional bug hunters, automatically and with the help of AI, he said. And thanks to AI support, which was permitted for participants just like video conferencing with colleagues back home, there were still enough new zero-days: 47 in total. The ZDI paid out a total of $1,298,250 in prize money and, as is tradition, let the successful participants keep the laptops on which they had demonstrated their exploits ("pwn to own").

The winner of this year's event was the DEVCORE team: prize money of $505,000, almost half the total prize pool, went to the Taiwanese team. They brought exploits for the Microsoft products SharePoint, Edge and Exchange to Berlin; the Exchange exploit even allowed complete server takeover. Discoverer Orange Tsai said in an interview that the exploit code was AI-generated, but based on his idea and his instructions.

Pwn2Own 2026: Researcher Orange Tsai demonstrates his Exchange exploit (Image: heise security / cku)

When asked about the vulnerability at the edge of the "Disclosure Room", the access-restricted room where exploits are verified, the attending employees of the Microsoft Security Response Center (MSRC) were tight-lipped. The bug was "interesting" and new, they at least acknowledged, and moderator Dustin Childs speculated that a hastily scheduled night shift in Redmond would likely follow to fix it.

Pwn2Own takes place annually and was again held alongside the OffensiveCon security conference in 2026. In advance, the organizers had to turn away many applicants; there simply were not enough time slots for the many, often AI-generated competition entries. All vulnerabilities found are passed on to the affected vendors by the Zero Day Initiative at no cost. (cku [5])

URL of this article: https://www.heise.de/-11297824

Links in this article:
[2] https://www.heise.de/news/Patchday-Microsoft-Kritische-DNS-Client-Luecke-bedroht-Windows-11292506.html
[3] https://www.heise.de/news/Dank-KI-Im-April-so-viele-Firefox-Luecken-geschlossen-wie-vorher-in-zwei-Jahren-11287023.html
[5] mailto:cku@heise.de

Copyright © 2026 Heise Medien