# Pwn2Own Berlin 2026: Researchers Earn $385,750 on Day Two, Exploiting Zero-Days in Windows 11, Exchange, and More
The second day of **Pwn2Own Berlin 2026** saw security researchers collect a staggering $385,750 in cash awards. They achieved this by exploiting 15 unique zero-day vulnerabilities in prominent products like **Windows 11**, **Microsoft Exchange**, and **Red Hat Enterprise Linux for Workstations**.

**Pwn2Own Berlin 2026**, held at the **OffensiveCon** conference from May 14-16, focuses on enterprise technologies and artificial intelligence. Researchers had the opportunity to earn over $1,000,000 in cash and prizes by targeting fully patched products across various categories, including web browsers, enterprise applications, cloud-native/container environments, virtualization, local privilege escalation, servers, local inference, and LLMs.
According to **Pwn2Own's** rules, all targeted devices run the latest operating system versions. Successful entries must compromise the target and demonstrate arbitrary code execution. Vendors are granted 90 days to patch the disclosed zero-days.
## Microsoft Exchange RCE via Chained Bugs
The highlight of the second day was **Cheng-Da Tsai** (also known as **Orange Tsai**) of **DEVCORE Research Team**, who earned $200,000. Tsai achieved remote code execution with SYSTEM privileges on **Microsoft Exchange** by chaining three bugs.
## Other Notable Exploits
* **Siyeon Wi** collected $7,500 for exploiting an integer overflow bug to hack **Windows 11**.
* **Ben Koo** of Team DDOS escalated privileges to root on **Red Hat Enterprise Linux for Workstations**, earning a $10,000 cash prize.
* **0xDACA** and **Noam Trobishi** leveraged a use-after-free bug to exploit the **NVIDIA Container Toolkit**.
## AI Targeted
The AI category also saw significant action:
* **Le Duc Anh Vu** of **Viettel Cyber Security** hacked the **Cursor AI** coding agent for $30,000.
* **Sina Kheirkhah** of Summoning Team demoed an **OpenAI Codex** zero-day ($20,000).
* **Compass Security** exploited **Cursor** ($15,000).

*Pwn2Own leaderboard (ZDI)*
## Day One Highlights
On the first day, **Orange Tsai** earned $175,000 for chaining four logic bugs for a **Microsoft Edge** sandbox escape. **Valentina Palmiotti** (chompie) of **IBM X-Force Offensive Research** collected $20,000 for rooting **Red Hat Linux for Workstations** and $50,000 for an **NVIDIA Container Toolkit** zero-day.
**Windows 11** was also compromised three times on day one by **Angelboy** and **TwinkleStar03** (working with the **DEVCORE Internship Program**), **Kentaro Kawane** of **GMO Cybersecurity**, and **Marcin Wiązowski**. Each earned $30,000 for demonstrating new privilege-escalation zero-days.
## Day Three Preview
On the third day, targets included **Microsoft Windows 11**, **VMware ESXi**, **Red Hat Enterprise Linux**, **Microsoft SharePoint**, and various AI coding agents.
## Previous Year's Success
During last year's **Pwn2Own Berlin** contest, **Trend Micro's Zero Day Initiative** awarded $1,078,750 for 29 zero-day flaws.