In the era of software-defined vehicles (SDVs), cyberthreats have expanded beyond vehicles to the interconnected systems that enable them, creating overlapping attack surfaces across the entire mobility ecosystem. The industry must therefore strengthen its cybersecurity posture to stay ahead of increasingly complex attacks.

To meet this challenge, VicOne is once again driving Pwn2Own Automotive, the world's largest zero-day vulnerability discovery contest focused on connected vehicles and the technologies that power them.

Join us on this platform where security researchers and automotive stakeholders come together!

Pwn2Own Automotive


(organized by RX Japan)
January 21 – 23, 2026
Tokyo Big Sight, Japan

RULES AND TARGETS
Follow Updates

Pwn2Own Automotive Cybersecurity Challenge 2026

Securing the Connected Mobility Ecosystem Through Zero-Day Vulnerability Discovery

Accelerating Automotive Zero-Day Vulnerability Discovery

Accelerating Automotive Zero-Day Vulnerability Discovery

VicOne amplifies awareness of the expanding connected vehicle attack surface, underscoring the urgency of fortifying the industry against emerging and evolving threats.

Spotlighting the Connected Vehicle and Its Interconnected Systems

Spotlighting the Connected Vehicle and Its Interconnected Systems

VicOne emphasizes the need to safeguard not only the vehicle's complex components, but also its connected technologies, paving the way for a more robust and resilient cybersecurity protection.

Forging Industry-Wide Collaborations

Forging Industry-Wide Collaborations

VicOne builds strategic partnerships between security researchers and automotive stakeholders to ensure that every vulnerability discovery leads to concrete action that strengthens the connected mobility ecosystem.

Drawing on VicOne's unparalleled threat intelligence, and on Trend Micro's proven Trend Zero Day Initiative™ (ZDI), Pwn2Own Automotive 2026 offers participants more than US$1 million in cash and prizes, with Tesla and Alpitronic as title sponsors.

VicOne Secures the Future of Mobility

by Helping Automotive Manufacturers and Suppliers Identify and Rectify Vulnerabilities

Pwn2Own Automotive Categories

Tesla

In-Vehicle Infotainment (IVI)

Level 3 Electric Vehicle (EV) Chargers

Level 2 Electric Vehicle (EV) Chargers

Open Charge Alliance

Automotive Operating Systems

Max Cheng

By discovering zero-day vulnerabilities, this event enables security researchers to uncover unknown, unpublished, and unreported vulnerabilities, facilitating early risk identification and mitigation within the automotive industry.

Max Cheng Chief Executive Officer of VicOne

Brian Gorenc

Hosting this contest in collaboration with VicOne, who has unmatched expertise and experience in automotive cybersecurity, is a key step in demonstrating our security research expertise within the automotive industry and the research community.

Brian Gorenc Vice President of Threat Research at Trend Micro and
Leader of the Zero Day Initiative (ZDI) program

Masaki Soda

We believe that it is of great significance that Pwn2Own Automotive, which will lead to increased security for connected cars and SDVs, will be held at Automotive World, where technologies that will create the future of cars and mobility will gather. We will contribute to the realization of a safer mobility society through this exhibition and event.

Masaki Soda Executive Officer, General Manager of Automotive World Secretariat, RX Japan Corporation

1
2
3

Get Updates on Pwn2Own Automotive

Gain Insights Into Automotive Vulnerabilities from VicOne

FAQs



What is Pwn2Own Automotive?

Pwn2Own Automotive is a one-of-its-kind event dedicated to uncovering and rectifying vulnerabilities in technologies for connected cars and software-defined vehicles (SDVs). It is co-hosted by VicOne and Trend ZDI, with Tesla and Alpitronic as the title sponsors. As its name suggests, Pwn2Own Automotive is an automotive-focused offshoot of Pwn2Own. Effectively turning potential future threats into a cybersecurity challenge, Pwn2Own is a contest that invites participants to discover zero-day vulnerabilities. To explore the nearly two-decade history and evolution of Pwn2Own, click here.

When and where will Pwn2Own Automotive 2026 be held?

Date: January 21 – 23, 2026

Location: Automotive World, Tokyo Big Sight, Japan

How do I register?

Pwn2Own Automotive: Contestant registration for Pwn2Own Automotive 2026 is open until January 15, 2026. Interested participants can submit a white paper detailing their exploit chain and run instructions to pwn2own@trendmicro.com. For more information, read the complete set of Pwn2Own Automotive rules here.

Automotive World: Visitor registration for Automotive World, where Pwn2Own Automotive will be held, is available here.

What are the travel requirements?

Visa requirements: Visa requirements for entering Japan vary by nationality. Consult the Japanese government’s guide for detailed information. For specific queries, contact your nearest Japanese diplomatic mission. Note that the event organizers do not provide visa application support.

Hotel reservations: For accommodation, contestants and visitors alike are advised to book independently. The Odaiba/Ariake areas are popular for their proximity to the event venue.

Venue access: Detailed transport and access information for the event venue can be found here.

Additional travel guidance is available on Automotive World’s FAQ page and in the official Tokyo travel guide.

What are the Pwn2Own Automotive 2026 contest categories and prizes?

Categories: Pwn2Own Automotive 2026 has six categories: Tesla, In-Vehicle Infotainment (IVI), Level 3 Electric Vehicle (EV) Chargers, Level 2 Electric Vehicle (EV) Chargers, Open Charge Alliance, and Automotive Operating Systems. Each category has a set of targets that can be selected by the contestant during the registration process. All entries must perform a security challenge on the device and demonstrate arbitrary code execution on the device.

Cash and prizes: More than US$1 million in cash and prizes will be awarded for vulnerabilities and exploitation techniques against the targets in the categories. The first contestant to successfully perform a security challenge on a target within the selected category will win the prize amount allocated for that specific target. Pwn2Own Automotive 2026 will also crown a Master of Pwn, signifying the overall winner of the contest.

For more information, read the complete set of Pwn2Own Automotive 2026 rules here.

Why does Pwn2Own Automotive matter?

Pwn2Own Automotive is a contest where the world’s top-level security researchers gather to discover vulnerabilities in the latest automotive technologies. Supporting Pwn2Own Automotive contributes to building a comprehensive risk management system in the SDV era.

  • Preparing for the SDV era
    As software increasingly controls vehicle functions, concerns about vulnerabilities and risks grow. Pwn2Own Automotive strengthens security through zero-day vulnerability discovery and incident prevention, laying the foundation for future vehicle security.
  • Improving product safety and reducing risk
    By testing the latest automotive technologies in real-world environments, Pwn2Own Automotive uncovers zero-day vulnerabilities early — before they reach underground markets. This proactive approach prevents cyberattacks, enhances product security, and minimizes risks.
  • Raising industrywide security awareness and building a cooperative framework
    By promoting cybersecurity awareness across the automotive industry and fostering collaboration, Pwn2Own Automotive aims to elevate cybersecurity standards and realize a safer automotive ecosystem.
  • Advancing security research and developing talent
    By recognizing and rewarding researchers for finding vulnerabilities, Pwn2Own Automotive cultivates skilled cybersecurity professionals. This hands-on experience in a real-world setting bolsters the industry’s overall security capabilities.

Join us in Tokyo in January 2026 for this unique event that propels the automotive industry toward robust and resilient cybersecurity.

RULES AND TARGETS
Follow Updates