Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days

HackRead, May 12, 2026

Why It Matters

The episode exposes scalability challenges in traditional bug‑bounty contests and shows how AI is reshaping vulnerability research, prompting companies to patch threats faster and reconsider contest formats.

Key Takeaways

  • Pwn2Own Berlin capped entries on May 7, ending registration early.
  • AI tools like Claude Code and GitHub Copilot speed exploit development.
  • Rejected researchers disclosed 86 vulnerabilities to vendors without contest rewards.
  • Public disclosures may turn contest exploits into n‑day vulnerabilities before the event.
  • $1 million prize pool remains unattainable for many, reducing contest incentive.

Pulse Analysis

Since its debut in 2007, Pwn2Own has become the premier live hacking competition, drawing top security researchers to demonstrate zero‑day exploits on real hardware. The 2026 Berlin edition, hosted by Trend Micro’s Zero Day Initiative, reached a hard capacity limit before the official start, highlighting an operational bottleneck: the event can only process a finite number of live exploit chains due to the intensive verification and staging required. This unprecedented early closure signals that the contest’s traditional format may be outpaced by the volume of modern vulnerability research.

A key driver of the overload is the rapid adoption of generative‑AI tools in exploit development. Platforms such as Claude Code, GitHub Copilot, Cursor, Ollama and LM Studio enable researchers to automate code analysis, fuzzing and payload generation, compressing weeks of work into days. According to Palisade Research, AI‑augmented workflows are now producing exploit chains at a speed that outstrips the manual testing capacity of events like Pwn2Own. This shift forces organizers to rethink logistics, perhaps by expanding virtual tracks or introducing AI‑specific categories, to accommodate the new pace of discovery without sacrificing rigor.

The fallout from the capacity crunch is already visible: dozens of rejected teams have opted for “revenge disclosures,” publishing their findings directly to vendors and the public. Groups like xchglabs revealed 86 flaws across NVIDIA, Docker, Linux KVM and PyTorch, while others exposed critical bugs in Firefox and Oracle’s Autonomous AI Database. These public releases can pre‑empt the contest’s secrecy, turning potential prize‑winning zero‑days into n‑day vulnerabilities that are patched before the stage. For the industry, the episode underscores the need for faster coordinated disclosure processes and may accelerate the evolution of bug‑bounty models toward more scalable, AI‑aware frameworks.
