At Pwn2Own Berlin 2026, security researchers demonstrated 47 unique zero-day vulnerabilities across AI platforms and traditional enterprise software. Notable exploits included root-level code execution in AI agents via trust boundary failures, a SYSTEM-level RCE in Microsoft Exchange, a pre-authentication RCE in SharePoint, and a cross-tenant guest-to-host escape in VMware ESXi.