The Pwn2Own Berlin 2025 cybersecurity showdown has kicked off with a bang, awarding $260,000 to white-hat hackers on just the first day. Hosted by Trend Micro’s Zero Day Initiative (ZDI), this year’s competition introduced a new and timely category: AI application hacking.
Leading the AI-focused highlights, Sina Kheirkhah from the Summoning Team made history as the first-ever winner in the new AI category. He earned $20,000 for successfully targeting the Chroma open-source AI application database. Kheirkhah didn’t stop there—he bagged another $15,000 by exploiting an NVIDIA Triton Inference Server vulnerability. However, this second exploit was classified as a “collision” since NVIDIA was already aware of the issue but hadn’t released a patch.
Viettel Cyber Security also earned $15,000 for exploiting a different unpatched flaw in the same NVIDIA server, demonstrating how AI infrastructure is becoming an increasingly attractive target for ethical hackers.
The largest single payout of the day, $60,000, went to Star Labs for an advanced exploit chain. Their team uncovered a Linux kernel vulnerability, leveraged it to break out of Docker Desktop, and gained code execution on the host system. It was a textbook example of a full container escape executed flawlessly.
Team Prison Break followed closely, taking home $40,000 for breaching Oracle VirtualBox and gaining code execution on the host machine.
Meanwhile, other researchers scored rewards ranging from $15,000 to $30,000 for successfully compromising systems including Red Hat Linux and Microsoft Windows 11.
And the hacking isn’t over yet. Across the next two days, security researchers will continue probing high-value enterprise targets like Microsoft SharePoint, VMware ESXi and Workstation, Firefox, Redis, VirtualBox, Red Hat, Windows 11, and more NVIDIA components—including its Container Toolkit and Triton Inference Server.