Two AI coding agents fell at Pwn2Own Berlin 2026 on day two, with researchers pocketing $65,000 for zero-days in Cursor and OpenAI Codex. If you’re running either tool in your dev stack, those vulnerabilities are live right now.
The competition, held at OffensiveCon in Berlin from May 14-16, focuses on enterprise technologies and AI. The event’s total prize pool exceeds $1,000,000. Day two alone paid out $385,750 across 15 unique zero-days spanning Windows 11, Microsoft Exchange, Red Hat Enterprise Linux, and the NVIDIA Container Toolkit.
For the AI category: Le Duc Anh Vu of Viettel Cyber Security earned $30,000 hacking Cursor, Sina Kheirkhah of Summoning Team demonstrated an OpenAI Codex zero-day for $20,000, and Compass Security earned another $15,000 with a second Cursor exploit. Two separate teams found independent Cursor vulnerabilities on the same day.
The practical exposure is real. Any team running these tools is sitting on unpatched code, and under Pwn2Own’s rules the zero-day details are withheld from the public for 90 days.
The biggest single prize on day two went to Orange Tsai of DEVCORE, who chained three bugs for remote code execution with SYSTEM privileges on Microsoft Exchange, earning $200,000. Tsai also earned $175,000 on day one for a Microsoft Edge sandbox escape.
Day three targets include Windows 11, VMware ESXi, Red Hat Enterprise Linux, Microsoft SharePoint, and several AI coding agents. Last year’s Berlin edition paid $1,078,750 across 29 flaws.
— Nathan Zakhary