Imagine a world where your car’s entertainment system, charging station, or even its operating system could be hijacked by hackers—and it’s happening right now. On the second day of Pwn2Own Automotive 2026, security researchers exposed a staggering 29 zero-day vulnerabilities, pocketing $439,250 in cash rewards for their discoveries. But here’s where it gets even more alarming: this isn’t just about winning prizes—it’s about uncovering critical flaws in the technology we trust every day.
Held in Tokyo, Japan, from January 21 to 23, this annual hacking contest focuses on automotive technologies, coinciding with the Automotive World conference (https://www.automotiveworld.jp/tokyo/en-gb.html). During the event, researchers target fully patched systems like electric vehicle (EV) chargers, in-vehicle infotainment (IVI) systems, and car operating systems such as Automotive Grade Linux. These aren’t just theoretical attacks—they’re real-world exploits that could compromise your safety and privacy.
And this is the part most people miss: the competition isn’t just about breaking things; it’s about fixing them. Vendors have 90 days to patch these vulnerabilities before they’re publicly disclosed by TrendMicro’s Zero Day Initiative. But with over $955,750 awarded for 66 zero-days in just two days, the scale of the problem is hard to ignore.
Leading the charge is Fuzzware.io, which has earned $213,000 so far, including an additional $95,000 for hacking devices like the Phoenix Contact CHARX SEC-3150 charging controller and the Grizzl-E Smart 40A EV charging station. Sina Kheirkhah of Summoning Team secured $40,000 for rooting devices such as the Kenwood DNR1007XR navigation receiver, while Rob Blakely and Hank Chen each earned $40,000 for targeting Automotive Grade Linux and the Alpitronic HYC50 charging station.
On day three, the action continues with teams like Slow Horses of Qrious Secure and PetoWorks targeting the Grizzl-E Smart 40A, while Juurin Oy takes on the Alpitronic HYC50. But here’s the controversial part: as these vulnerabilities are exposed, it raises questions about the security of modern vehicles. Are automakers doing enough to protect us, or are they cutting corners in the race for innovation? Let’s discuss in the comments.
Looking back, the stakes have only grown higher. In 2025, hackers earned $886,250 for exploiting 49 zero-days, and in 2024, they collected $1.3 million after hacking a Tesla twice. This year’s event is on track to surpass those records, highlighting the urgent need for stronger cybersecurity in the automotive industry.
Meanwhile, as the 2026 CISO Budget Benchmark report (https://www.wiz.io/reports/ciso-security-budget-benchmark-2026) reveals, over 300 security leaders are strategizing for the year ahead. With insights into budgeting, trends, and priorities, this report is a must-read for anyone navigating the complex landscape of cybersecurity. How are you preparing for the challenges of 2026? Share your thoughts below—this conversation needs your voice.
