IT Brief New Zealand - Technology news for CIOs & IT decision-makers
TrendAI expands bug bounty to cover AI vulnerabilities

Wed, 20th May 2026
Mark Tarre, News Chief

TrendAI has expanded its Zero Day Initiative to include vulnerabilities in AI systems, following new findings from the Pwn2Own Berlin hacking competition.

Security researchers disclosed 47 unique zero-day vulnerabilities at the event across AI databases, coding agents, web browsers, enterprise applications, and servers. Participants received total prize money of USD $1,298,250. NVIDIA joined as a first-time sponsor and offered its own products for testing.

The shift comes as companies in Australia and elsewhere add more AI tools and infrastructure to their operations. That is widening the attack surface at a time when attackers can use AI to automate zero-day exploitation and run attack chains at scale.

The Zero Day Initiative, or ZDI, is a bug bounty and coordinated disclosure programme that rewards researchers for reporting vulnerabilities. It also runs ethical hacking contests designed to uncover flaws before criminals can exploit them.

Pwn2Own Berlin provided a recent test of that approach. Researchers targeted a broad range of products, and several of the top payouts went to attacks on widely used business software and infrastructure.

Contest findings

Orange Tsai of DEVCORE Research Team chained three bugs to achieve remote code execution as SYSTEM on Microsoft Exchange, earning USD $200,000. The same researcher also chained four logic bugs to escape the sandbox on Microsoft Edge and received USD $175,000.

Splitline of DEVCORE Research Team chained two bugs to exploit Microsoft SharePoint and received USD $100,000. Nguyen Hoang Thach of STARLabs SG used a memory corruption bug to exploit VMware ESXi with the cross-tenant code execution add-on, earning USD $200,000 and 20 Master of Pwn points.

Another demonstration focused on AI-related infrastructure. Chompie of IBM X-Force Offensive Research used a single bug to exploit NV Container Toolkit and received USD $50,000.

Top payouts

Disclosures made through ZDI give software and hardware vendors a chance to fix vulnerabilities before they are abused. TrendAI also pointed to its own research showing that vendors are increasingly failing to patch software vulnerabilities after disclosure.

That gap between disclosure and patching has become a central issue for defenders. According to TrendAI, customers using its Vision One platform are protected an average of three months ahead of the rest of the industry through coordinated disclosure and virtual patching.

AI exposure

The emphasis on AI reflects a broader shift in how security researchers and vendors frame cyber risk. Rather than treating AI as a separate or emerging field, the focus is moving to practical weaknesses in the databases, agents, and underlying infrastructure now being woven into mainstream corporate systems.

For Australian organisations, that matters because AI adoption is expanding beyond pilot projects into critical business functions and industrial settings. Security concerns now extend beyond model misuse or data leakage to flaws in the supporting software stack that can provide a path into wider networks.

"TrendAI uses the deepest threat intelligence in the industry to protect our customers. We use the vulnerabilities discovered at Pwn2Own to empower vendors to patch these vulnerabilities quickly, while also offering our customers protection well ahead of the rest of the industry via virtual patching. As AI tools and infrastructure continue to become central to business functions, staying ahead of vulnerabilities will be as critical as ever," said Rachel Jin, Head of TrendAI.

TrendAI's Australia and New Zealand technology leadership linked that message directly to local businesses and critical sectors.

"As AI infrastructure becomes increasingly embedded across Australian businesses and critical industries, staying ahead of vulnerabilities will be more important than ever. Industry-leading initiatives like Pwn2Own Berlin under TrendAI ZDI address the growing attack surface of AI, applying real-world vulnerability discovery in AI systems to prioritise and reduce risk in enterprise environments," said McCluney.