TrendAI has celebrated the efforts of the global security research community at Pwn2Own Berlin. Contestants discovered and disclosed 47 unique zero-day vulnerabilities across categories including AI databases, coding agents, web browsers, enterprise applications, servers, and more.
Sharda Tickoo, Country Manager for India and SAARC at TrendAI: “TrendAI uses the deepest threat intelligence in the industry to protect our customers. We use the vulnerabilities discovered at Pwn2Own to empower vendors to patch these vulnerabilities quickly, while also offering our customers protection well ahead of the rest of the industry via virtual patching. As AI tools and infrastructure continue to become central to businesses functions, staying ahead of vulnerabilities will be as critical as ever.”
NVIDIA joined the event as a first-time sponsor of Pwn2Own, bringing its own category of products for researchers to target for vulnerability disclosures. Megatron Bridge, NV Container Toolkit, and Dynamo were included.
The disclosures made through the ZDI at Pwn2Own and year-round allow vendors to quickly understand and fix vulnerabilities before cybercriminals exploit them, ultimately benefiting organizations and end users of the impacted software or hardware. ZDI research has shown that vendors are increasingly neglecting to patch software vulnerabilities that are disclosed to them. Through ZDI’s coordinated disclosure process, TrendAI Vision One customers receive are protected an average of three months ahead of the rest of the industry.
Highlights from the event included:
- Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning $200,000. They also chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000.
- Splitline (@splitline) of DEVCORE Research Team chained 2 bugs to exploit Microsoft SharePoint, earning $100,000.
- Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning $200,000 and 20 Master of Pwn points.
- Chompie of IBM X-Force Offensive Research (XOR) used a single bug to exploit NV Container Toolkit, earning $50,000.
A total of $1,298,250 in prizes were awarded to the participants. The next competition, Pwn2Own Cork, will be held in October.
