Imagine a world where hackers are rewarded for breaking into cars, chargers, and even the systems that power them. Sounds like a sci-fi thriller, right? But that's exactly what happened at Pwn2Own Automotive 2026, where security researchers walked away with a staggering $1,047,000 after exposing 76 zero-day vulnerabilities in just three days. This annual event, held in Tokyo during the Automotive World conference, is a high-stakes battleground where ethical hackers test the limits of automotive cybersecurity.
This year’s competition was nothing short of intense. From January 21 to 23, teams targeted fully patched in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems like Automotive Grade Linux. And this is the part most people miss: these aren’t just theoretical exploits—they’re real-world vulnerabilities that could potentially put drivers at risk. But here’s the silver lining: vendors now have 90 days to patch these flaws before they’re publicly disclosed by TrendMicro’s Zero Day Initiative.
The big winner? Team Fuzzware.io, who dominated the contest with a jaw-dropping $215,000 in earnings. They kicked things off by hacking an Alpitronic HYC50 Charging Station, an Autel charger, and a Kenwood DNR1007XR navigation receiver on the first day, earning $118,000. But they didn’t stop there—on day two, they exposed multiple zero-days in charging controllers and stations, pocketing another $95,000. Even a bug collision on the final day netted them an additional $2,500.
Other standout performers included Team DDOS, who took home $100,750, and Synactiv, with $85,000. Synacktiv Team also made waves by exploiting a Tesla Infotainment System via a USB-based attack, earning $35,000. But here’s where it gets controversial: as electric vehicles and smart car technologies become more prevalent, are we doing enough to secure them? With hackers consistently finding new vulnerabilities, it’s a question that demands attention.
This isn’t the first time Pwn2Own Automotive has made headlines. In 2024, hackers earned $1.3 million after demoing 49 zero-day bugs, including two successful Tesla hacks. The following year, 2025, saw researchers pocket $886,250 for exploiting 49 zero-days. Clearly, the stakes are rising—and so are the rewards.
As we look ahead, the 2026 CISO Budget Benchmark offers a timely reminder of the challenges facing cybersecurity leaders. With over 300 CISOs sharing their strategies, it’s clear that investment in security is more critical than ever. But is it enough to keep pace with the evolving threats?
What do you think? Are we doing enough to secure the future of automotive technology, or are we playing catch-up? Let’s spark a conversation in the comments—your insights could shape the debate!
