Trend Micro’s Zero Day Initiative (ZDI) on Thursday announced that a new Pwn2Own Automotive hacking contest will be held next January, during the Automotive World event in Tokyo. The total prize pool exceeds $3 million.
Security researchers will compete in six categories at the competition, including a new supercharger category and another focused on Open Charge Alliance’s OCPP Compliance Test Tool (OCTT).
Tesla will again be present at the event, and researchers competing in this category will have the chance to drive a Tesla vehicle home, in addition to winning prizes of up to $500,000.
The highest rewards, however, will only be handed out to researchers able to remotely hack the vehicle’s autopilot, obtaining unconfined root access. Obtaining only full remote control over the autopilot (without the root bonus) will earn researchers $400,000 in cash and a Tesla vehicle.
Hacking any of a Tesla car’s electronic control units (ECU) and controlling CAN bus communication could also earn researchers $400,000 in cash and a Tesla vehicle.
There are 16 prizes offered in the Tesla category, seven of which include a vehicle. There are also three addons that researchers can earn, including one of $100,000 for arbitrary control over the CAN bus, and two of $50,000 each for persistent root access on the infotainment and autopilot systems.
“Contestants can register an entry against the Tesla Model 3/Y (Ryzen-based) equivalent bench top unit, and it wouldn’t surprise me if someone needs to run their exploits in an RF enclosure to prevent interference with vehicles that might be driving by,” ZDI notes.
Researchers can earn prizes of up to $20,000 for successful exploits demonstrated in the in-vehicle infotainment (IVI) category, as the IVI systems connect to other internal car systems through the CAN bus.
At Pwn2Own Automotive 2026, bug hunters will be able to target an Aplitronic supercharger in the Level 3 electric vehicle (EV) chargers category and earn prizes of up to $60,000.
Eight charging stations, wall connectors, and chargers will be available for hacking in the Level 2 EV chargers category, each promising prizes of up to $40,000. Several extra challenges are also available in this category, with prizes of up to $20,000.
“An attempt in this category must be launched against the target’s exposed services or against the target’s communication protocols/physical interfaces that are accessible to a typical user,” ZDI explains.
An entirely new category next year will be the Open Charge Alliance category, in which researchers can target the Open Charge Point Protocol (OCPP), which unifies communication between charge points and central systems. A successful exploit against it can earn researchers a $15,000 award.
As part of the sixth category, Automotive Operating Systems, bug hunters will have the chance to hack into Automotive Grade Linux, BlackBerry QNX, and Android Automotive OS, to earn monetary rewards of up to $60,000.
Interested researchers are encouraged to read the full Pwn2Own Automotive 2026 rules, as well as ZDI’s blog on what participating in Pwn2Own involves.
Related: Microsoft Offers $5 Million at Zero Day Quest Hacking Contest
Related: VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest
Related: Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes
Related: $2.5 Million Offered at Upcoming ‘Matrix Cup’ Chinese Hacking Contest
