Ikotas Labs Wins $48,000 at World's Premier Hacking Contest 'Pwn2Own Berlin 2026' by Discovering Undisclosed Vulnerabilities in NVIDIA and OpenAI Products

Ikotas Labs successfully executed exploits using undisclosed zero-day vulnerabilities against NVIDIA Megatron Bridge, LiteLLM, and OpenAI Codex at the hacking contest 'Pwn2Own Berlin 2026' in Germany. By winning a total of $48,000 in prize money, the company demonstrated the realistic security risks associated with AI agents.
Source: PR Times

Published: May 19, 2026 at 19:00

Overview

Ikotas Labs Co., Ltd. (Representative: Tomoki Tsuji, hereinafter referred to as Ikotas Labs) successfully executed consecutive exploits using undisclosed 0-day vulnerabilities against all three targets, including the world's most advanced AI products provided by NVIDIA and OpenAI, at the world's premier hacking contest "Pwn2Own Berlin 2026" (held May 14-16, 2026 / Berlin, Germany) hosted by Trend Micro's Zero Day Initiative (ZDI). The team secured a total prize of $48,000 (approximately 7.6 million yen) and 7.75 Master of Pwn Points.

This achievement means that Ikotas Labs independently discovered critical, previously unknown vulnerabilities in the core products of NVIDIA and OpenAI, two giants at the pinnacle of the AI industry, that even the vendors themselves were unaware of, and successfully exploited them on actual devices on a stage watched by researchers worldwide. In particular, the arbitrary code execution (RCE) exploit against the AI coding agent "OpenAI Codex," publicly demonstrated on the final day, proved that AI agents, which are spreading explosively worldwide, are no longer just convenient tools but can become realistic targets of attack.

What is Pwn2Own - The World's Premier Hacking Tournament Gathering Top Hackers Worldwide

Pwn2Own Berlin 2026

Pwn2Own is the world's premier hacking competition, hosted by the Zero Day Initiative (ZDI) under Trend Micro. Elite security researchers selected from around the world demonstrate exploits for undisclosed, previously unknown (0-day) vulnerabilities in live environments, and high prize money and Master of Pwn Points are awarded only for successful demonstrations. As the name "Hack a product to Own it (Pwn)" suggests, participants are required to have the technical skill to hack software used worldwide, and simply earning the right to compete is internationally recognized as proof of being a top-tier hacker.

This year's Pwn2Own Berlin 2026 significantly expanded the AI agent domain as a new category, capturing the attention of researchers, vendors, and media worldwide.

3-Day Results - Total Prize $48,000 / 7.75 Master of Pwn Points

Ikotas Labs successfully executed exploits in all three entries for which they won limited participation slots.

Day 1: NVIDIA Megatron Bridge - Prize $20,000 / 2.0 Pts
Day 1: LiteLLM - Prize $8,000 / 1.75 Pts
Day 3: OpenAI Codex - Prize $20,000 / 4.0 Pts

Day 1: Taking Down NVIDIA Megatron Bridge and LiteLLM

On the first day, the team achieved remote code execution (RCE) with an exploit targeting an Overly Permissive Allowed List vulnerability in NVIDIA Megatron Bridge, a core component of generative AI training infrastructure. They then completed an exploit on stage against LiteLLM, which has been explosively adopted worldwide as an LLM operational platform.

Day 3: Successful Arbitrary Code Execution on AI Coding Agent OpenAI Codex

On the final day, the team publicly demonstrated an arbitrary code execution (RCE) exploit against Codex, the AI coding agent provided by OpenAI, using a proprietary method that exploits External Control. The vulnerability was an unannounced 0-day discovered entirely independently by our members, and because it was completely unique, with no overlap with other teams, the Master of Pwn Points were awarded at the stipulated maximum of 4.0 points.

AI agents are now writing production code and operating production environments at the hands of engineers worldwide. What if those AI agents themselves were hijacked by attackers via RCE? Ikotas Labs proved before the world's eyes that this "nightmare that could happen in reality" is not just a theoretical concept.

Furthermore, apart from what was demonstrated at this contest, the Op

FAQ

What were Ikotas Labs' achievements at Pwn2Own 2026?

They discovered unknown vulnerabilities in NVIDIA Megatron Bridge, LiteLLM, and OpenAI Codex, winning $48,000 in total prizes.

What is Pwn2Own Berlin 2026?

It is the world's premier hacking competition hosted by ZDI, a subsidiary of Trend Micro.

What AI risk does this achievement highlight?

It highlights that widely adopted AI agents can become realistic targets for hijacking by cyber attackers.