<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"  xmlns:media="http://search.yahoo.com/mrss/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:georss="http://www.georss.org/georss" xmlns:photo="http://www.pheed.com/pheed/">
 <title>Daily CSR</title>
 <subtitle><![CDATA[Daily CSR delivers latest news and in-depth coverage about corporate social responsibility, ethics and sustainability]]></subtitle>
 <link rel="alternate" type="text/html" href="https://www.dailycsr.com" />
 <link rel="self" type="text/xml" href="https://www.dailycsr.com/xml/atom.xml" />
 <id>https://www.dailycsr.com/</id>
 <updated>2026-06-14T14:21:58+02:00</updated>
 <generator uri="http://www.wmaker.net">Webzine Maker</generator>
  <icon>https://www.dailycsr.com/favicon.ico</icon>
  <entry>
   <title>Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn Title with Microsoft Exploits</title>
   <updated>2026-05-21T17:00:00+02:00</updated>
   <id>https://www.dailycsr.com/Pwn2Own-Berlin-2026-DEVCORE-Wins-Master-of-Pwn-Title-with-Microsoft-Exploits_a5802.html</id>
   <category term="Companies" />
   <photo:imgsrc>https://www.dailycsr.com/photo/art/imagette/96665645-67383454.jpg</photo:imgsrc>
   <published>2026-05-21T16:58:00+02:00</published>
   <author><name>Debashish Mukherjee</name></author>
   <content type="html">
    <![CDATA[
     <div style="position:relative; text-align : center; padding-bottom: 1em;">
      <img src="https://www.dailycsr.com/photo/art/default/96665645-67383454.jpg?v=1779375613" alt="Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn Title with Microsoft Exploits" title="Pwn2Own Berlin 2026: DEVCORE Wins Master of Pwn Title with Microsoft Exploits" />
     </div>
     <div>
      <div style="text-align: justify;">Pwn2Own Berlin 2026, widely regarded as the leading global competition for vulnerability research, wrapped up on May 16 following three days of high-stakes challenges. Against a backdrop of rapidly advancing AI-powered vulnerability discovery and intense rivalry among elite white-hat hackers, Taiwan-based offensive cybersecurity firm DEVCORE delivered a standout performance. The company’s researchers identified flaws in four major Microsoft platforms, earning 50.5 points—more than twice the total of the nearest competitor—and claiming the prestigious Master of Pwn title. <br />   <br />  <strong>DEVCORE Dominates Microsoft Categories at Pwn2Own Berlin</strong> <br />  Headed by Principal Security Researcher Orange Tsai, the DEVCORE Research Team finished the event with 50.5 points and secured $505,000 in prize winnings alongside the Master of Pwn championship. During the contest, the team successfully demonstrated exploits targeting Microsoft Edge, Exchange, Windows 11, and SharePoint. DEVCORE stood out as the only team to achieve a successful browser-category exploit. The company also reinforced its reputation in Exchange Server research, becoming the only team in Pwn2Own history to successfully exploit critical Exchange vulnerabilities on two separate occasions, following an earlier victory in 2021. Their Exchange research additionally earned the competition’s highest payout for a single target. <br />   <br />  Reflecting on the achievement, Orange Tsai said it was a privilege to bring international recognition back to Taiwan while highlighting the advanced cybersecurity research capabilities of both Taiwan and DEVCORE. He noted that the experience would further strengthen the company’s Offensive Product Security Research (OPSR) services by helping organizations uncover high-risk attack surfaces, validate exploitable attack chains, and better understand the real-world business impact of product vulnerabilities. 
<br />   <br />  <strong>AI and Human Expertise Combine to Shape Modern Vulnerability Research</strong> <br />  As generative AI tools continue to improve offensive security and vulnerability discovery capabilities, this year’s Pwn2Own competition incorporated AI models as official research targets for the first time. The broader cybersecurity industry has also seen a sharp increase in vulnerability disclosures due to AI-assisted research methods, according to reports from the Zero Day Initiative (ZDI), the event organizer. <br />   <br />  DEVCORE integrated AI into parts of its research workflow during the competition, using it to speed up tasks such as code analysis and proof-of-concept validation. The Exchange Server vulnerability that earned the event’s top single-target reward was reportedly discovered within one week, drawing on Orange Tsai’s years of Exchange expertise while using AI as a supporting tool to develop a Remote Code Execution (RCE) exploit. <br />   <br />  By comparison, the team’s 17.5-point Microsoft Edge exploit relied entirely on manual analysis without AI support. Researchers combined four separate logic flaws to achieve a sandbox escape technique that ZDI described as unprecedented. Due to the seriousness of the issue, Microsoft released a security update within 24 hours after the vulnerability disclosure. <br />   <br />  Tsai emphasized that while AI significantly boosts efficiency, widespread use of these tools means many researchers often uncover the same vulnerabilities. He explained that DEVCORE’s advantage comes from focusing on unconventional bug classes and technically demanding targets that others may avoid, paired with the team’s deep low-level expertise and years of experience. According to Tsai, although AI has transformed how white-hat hackers work, discovering truly critical vulnerabilities still depends heavily on skilled researchers directing AI toward meaningful research paths.</div>  
     </div>
     <br style="clear:both;"/>
    ]]>
   </content>
   <link rel="alternate" href="https://www.dailycsr.com/Pwn2Own-Berlin-2026-DEVCORE-Wins-Master-of-Pwn-Title-with-Microsoft-Exploits_a5802.html" />
  </entry>
  <entry>
   <title>JumpCloud Inc. Warns of Growing AI Governance Risks in New Agentic IAM Report</title>
   <updated>2026-05-05T16:33:00+02:00</updated>
   <id>https://www.dailycsr.com/JumpCloud-Inc-Warns-of-Growing-AI-Governance-Risks-in-New-Agentic-IAM-Report_a5764.html</id>
   <category term="Companies" />
   <photo:imgsrc>https://www.dailycsr.com/photo/art/imagette/96410130-67229633.jpg</photo:imgsrc>
   <published>2026-05-05T16:31:00+02:00</published>
   <author><name>Debashish Mukherjee</name></author>
   <content type="html">
    <![CDATA[
     <div style="position:relative; text-align : center; padding-bottom: 1em;">
      <img src="https://www.dailycsr.com/photo/art/default/96410130-67229633.jpg?v=1777991620" alt="JumpCloud Inc. Warns of Growing AI Governance Risks in New Agentic IAM Report" title="JumpCloud Inc. Warns of Growing AI Governance Risks in New Agentic IAM Report" />
     </div>
     <div>
      <div style="text-align: justify;">JumpCloud Inc. has unveiled its latest study, The Agentic IAM Pulse Report: Closing the Governance Gap to Accelerate with AI, revealing that AI agents are becoming deeply integrated into core business functions while governance and oversight lag behind. Although 72% of organizations are already using AI agents, 92% admit they face major challenges in scaling them securely. <br />   <br />  The report points to a growing concern as AI agents move beyond experimental use into critical operations such as financial reporting and HR provisioning. As their responsibilities expand, these systems are being granted greater autonomy with reduced supervision. <br />  Key insights from the report include:</div>    <ul>  	<li style="text-align: justify;"><strong>The access imbalance:</strong> Around 66% of organizations provide AI agents with the same or even greater access privileges than human employees. In highly sensitive business environments, 38% of AI agents are given substantially broader access than staff members.</li>  	<li style="text-align: justify;"><strong>Reduced oversight as adoption grows:</strong> Human-in-the-loop approvals decline from 48% during testing phases to just 29% once AI agents are deployed in essential business processes. Additionally, 24% of organizations permit agents to carry out high-risk activities without any human monitoring.</li>  	<li style="text-align: justify;"><strong>Rapid growth of machine identities:</strong> More than half of organizations (53%) now oversee more non-human identities than human employees, while 23% report ratios of six non-human identities for every employee. This surge is making manual identity management unmanageable and increasing the demand for Agentic IAM systems capable of autonomous governance.</li>  	<li style="text-align: justify;"><strong>Unclear accountability:</strong> Only 17% of businesses have a dedicated security leader responsible for AI agent activity. 
In most cases, accountability for business-critical AI deployments falls solely on IT departments.</li>  	<li style="text-align: justify;"><strong>Missing emergency controls:</strong> About 55% of organizations lack a centralized “kill switch” capable of instantly revoking AI agent access across all systems.</li>  </ul>    <div style="text-align: justify;">According to Joel Rennich, AI adoption has advanced faster than the safeguards required to manage it securely. He noted that AI agents are increasingly operating within sensitive workflows, often with fragmented identities, elevated access privileges, and minimal supervision. Rennich emphasized that identity management has effectively become the final security perimeter for AI agents, making formal governance frameworks essential to transform AI from a potential risk into a long-term driver of growth. <br />   <br />  To address these concerns, JumpCloud Inc. introduced its Agentic IAM solution, designed specifically for the AI-driven era. The platform delivers a centralized control system that connects human users, non-human identities, and autonomous agents to verified corporate identities. By automating governance and security controls throughout the AI lifecycle, the company aims to help organizations turn AI from an unmanaged threat into a secure business advantage. <br />   <br />  Click <a href="https://edge.prnewswire.com/c/link/?t=0&amp;l=en&amp;o=4681014-1&amp;h=1069731262&amp;u=https%3A%2F%2Fjumpcloud.com%2Fresources%2Fagentic-iam-pulse-report&amp;a=Download+the+full+report">here</a> to download the full report.</div>  
     </div>
     <br style="clear:both;"/>
    ]]>
   </content>
   <link rel="alternate" href="https://www.dailycsr.com/JumpCloud-Inc-Warns-of-Growing-AI-Governance-Risks-in-New-Agentic-IAM-Report_a5764.html" />
  </entry>
  <entry>
   <title>Securing 6G: Building a Trustworthy and Quantum-Resilient Mobile Future</title>
   <updated>2025-07-02T12:31:00+02:00</updated>
   <id>https://www.dailycsr.com/Securing-6G-Building-a-Trustworthy-and-Quantum-Resilient-Mobile-Future_a4907.html</id>
   <category term="Companies" />
   <photo:imgsrc>https://www.dailycsr.com/photo/art/imagette/89684214-63373828.jpg</photo:imgsrc>
   <published>2025-07-02T12:29:00+02:00</published>
   <author><name>Debashish Mukherjee</name></author>
   <content type="html">
    <![CDATA[
     <div style="position:relative; text-align : center; padding-bottom: 1em;">
      <img src="https://www.dailycsr.com/photo/art/default/89684214-63373828.jpg?v=1751452268" alt="Securing 6G: Building a Trustworthy and Quantum-Resilient Mobile Future" title="Securing 6G: Building a Trustworthy and Quantum-Resilient Mobile Future" />
     </div>
     <div>
      <div style="text-align: justify;"><strong>Looking Ahead: Securing the Future of Mobile Connectivity</strong> <br />  As we envision the next generation of mobile connectivity, it's essential to evaluate how our security strategies must evolve to meet new demands.</div>    <ul>  	<li style="text-align: justify;">Innovations in connectivity, computing, and AI are opening new frontiers, but they also introduce fresh vulnerabilities that require stronger safeguards to protect our digital lives.</li>  	<li style="text-align: justify;">As a global leader in wireless technology, our mission is to build a secure, reliable, and forward-thinking mobile ecosystem—capable of addressing today’s issues and anticipating future risks.</li>  	<li style="text-align: justify;">We are actively working to develop a trust-centric security framework for 6G, building upon the strong foundation laid by 5G. This new infrastructure is designed to be resilient, flexible, and secure enough to handle increasingly sophisticated cyber threats.</li>  </ul>    <div style="text-align: justify;">Security in mobile networks has come a long way since 3GPP Release 15 introduced the first 5G security standards. Each subsequent release has reinforced the integrity of our current networks. However, emerging technologies like AI, quantum computing, and large-scale parallel processing bring with them new forms of cyber threats—making it more critical than ever to secure all elements of communication, computation, and connectivity. <br />   <br />  With development efforts for 6G gaining traction under 3GPP, now is the right moment to focus on shaping a secure mobile future. <br />   <br />  Welcome to the seventh article in our 6G Foundry series, where we delve into the essential building blocks for secure 6G development—exploring native security features, quantum-resilient technologies, and robust trust models. <br />  &nbsp; <br />  <strong>Native 6G Security Enhancements</strong> <br />  <strong>1. 
Securing Control Signals in the Access Network</strong> <br />  A core element of 6G will be reinforcing the confidentiality and authenticity of control messages. While 5G currently protects RRC and user plane data at the PDCP layer, lower-layer protocols like MAC still lack such protection. This creates vulnerabilities where tampering with timing advance or transmission configuration messages could impact link performance or leak sensitive mobility information. <br />   <br />  6G can strengthen these areas by introducing security mechanisms directly at the MAC layer, offering comprehensive protection of both control and user data traffic. <br />   <br />  <strong>2. Improved Security During RAN Mobility</strong> <br />  Enhancing key management during handovers is another focus area. Current 5G systems use RRC signaling and the Xn interface for key transfers between gNBs, which may delay or weaken key isolation. In 6G, we propose an improved key hierarchy that offers forward and backward security during mobility events. By allowing multiple RAN nodes to prepare keys concurrently, we increase both the security and flexibility of handover operations. <br />   <br />  <strong>3. Flexible User Plane Security Endpoints</strong> <br />  Security for user plane data could be made more granular in 6G by supporting multiple independent termination points. In 5G, a single user device might be linked to several CU-UPs without sufficient key separation, increasing the risk of compromise. Furthermore, binding UP security keys to the control plane can result in excessive signaling, especially for devices with limited capability. <br />   <br />  Our proposal for 6G includes introducing key separation based on network design, user mobility, and service requirements—offering tailored configurations without compromising UE protocol consistency. <br />   <br />  <strong>4. 
Stronger Privacy for User Identities</strong> <br />  Protecting temporary identifiers like the C-RNTI is critical. Persistent identifiers may allow passive tracking and profiling of users. While 5G introduced periodic reallocation of some IDs, 6G could further strengthen this by reallocating C-RNTIs more frequently without triggering full re-authentication. <br />   <br />  Also, permanent IDs (like SUPI) currently use ECIES for concealment. With quantum computing on the horizon, 6G must transition to post-quantum cryptographic methods. However, PQC brings overhead challenges. A potential solution is using symmetric-key encryption, leveraging USIM credentials to minimize data sizes while maintaining strong identity protection. <br />  &nbsp; <br />  <strong>Building Trust Frameworks for 6G</strong> <br />  <strong>1. Isolated Security Contexts Across Network Functions</strong> <br />  In current 5G architectures, the AMF handles NAS security for UEs, but this creates single points of failure and limits end-to-end protection. There’s also a lack of secure UE-HPLMN communication while roaming. <br />   <br />  Future 6G systems should support independently anchored security at various network functions—enabling secure NF relocation and roaming configurations. By decoupling SEAF from the AMF and enabling distributed key management, UE communication can remain secure and isolated across the network. <br />   <br />  <strong>2. Integrating Zero Trust Architecture (ZTA)</strong> <br />  Zero Trust principles, as defined by NIST, assume no implicit trust within the network. While some efforts have been made to implement ZTA in 5G Core and RAN components, broader adoption is still limited. <br />   <br />  6G can advance this by introducing new architectural elements to continuously assess security states and enforce access policies. A unified approach spanning both 3GPP and O-RAN systems would enable comprehensive security management throughout the mobile ecosystem. 
<br />   <br />  <strong>3. Strengthening Pre-Security Message Integrity</strong> <br />  Critical system broadcasts and initial RACH or RRC messages remain unprotected in 5G, leaving the system vulnerable to spoofing or relay attacks. Although digital signing of system messages has been proposed, the overhead from PQC-based signatures is considerable. <br />   <br />  As a more efficient alternative, 6G could implement a message digest mechanism, similar to TLS transcript hashing. This would verify message integrity without significant overhead and enhance security during early protocol exchanges. <br />  &nbsp; <br />  <strong>Quantum-Resistant Security</strong> <br />  With quantum computing threatening traditional cryptographic systems, the transition to post-quantum security becomes vital. Shor’s algorithm undermines public-key schemes based on factorization or discrete logarithms, and Grover’s algorithm weakens symmetric encryption by halving its effective key strength. <br />   <br />  To address this, future mobile systems must adopt quantum-resistant algorithms. AES-256, SNOW5G, ZUC-256, and AEAD schemes will play essential roles, as will NIST-endorsed PQC algorithms for key exchange and identity protection. <br />   <br />  By integrating these solutions, we lay the groundwork for communication networks that are secure even in the quantum era. <br />   <br />  <strong>Security as a Cornerstone of Connectivity</strong> <br />  The rapid advancement of AI, compute, and mobile networks offers boundless potential—but also demands vigilance. Our commitment is to design a mobile ecosystem where security and trust are embedded by default. <br />   <br />  Through innovations across the RAN, protocol stack, and trust architecture, we are helping define a secure and resilient future with 6G. <br />   <br />  Stay tuned for more insights from the 6G Foundry series as we continue to shape the next decade of connectivity.</div>  
     </div>
     <br style="clear:both;"/>
    ]]>
   </content>
   <link rel="alternate" href="https://www.dailycsr.com/Securing-6G-Building-a-Trustworthy-and-Quantum-Resilient-Mobile-Future_a4907.html" />
  </entry>
</feed>
