Wiz
Blog

Introducing zeroday.cloud: First-of-its-kind cloud and AI hacking competition

Wiz and the leading CSPs are launching one of the largest hacking competitions ever to secure the open-source software powering the cloud ecosystem

Register for the eventGet a demo
Nir Ohfeld

The Wiz Research team is proud to launch zeroday.cloud, a first-of-its-kind cloud hacking competition with a prize pool totaling up to about $4.5 million in bounties, making zeroday.cloud one of the largest cloud hacking events ever held.

Cloud and AI now power critical systems around the world, from hospitals and banks to governments and entire economies. These cloud platforms are built on top of many open-source projects, like database engines and virtualization technologies. As we’ve demonstrated in some of our recent work, a single vulnerability in such projects can affect the entire cloud ecosystem. Despite the critical impact, some of these projects don’t have the backing of a major bug bounty program to incentivize top-tier security researchers. Until now. 

zeroday.cloud is a natural extension of our mission at Wiz Research: uncover emerging threats in cloud infrastructure, share our findings, and help vendors patch vulnerabilities quickly. This is a space that needs greater visibility and collaboration, so we’re inviting the broader security community to join us and accelerate the future of cloud and AI security together.

About zeroday.cloud

zeroday.cloud is where responsible researchers can dissect the software powering the cloud, identify critical zero-days, and help fix them in partnership with vendors.

We’re incredibly grateful to AWS, Microsoft, and Google Cloud for partnering with Wiz Research to make zeroday.cloud possible. Their support shows a shared industry commitment to advancing cloud security for everyone.

The competition will take place at Black Hat Europe in London, December 10 and 11

Researchers can compete across six categories:

  • AI: Ollama, vLLM, NVIDIA Container Toolkit (Container Escape)

  • Kubernetes and Cloud-Native: Kubernetes API Server, Kubelet Server, Grafana, Prometheus, Fluent Bit

  • Containers and Virtualization: Docker, Containerd, Linux Kernel (Ubuntu)

  • Web Servers: nginx, Apache Tomcat, Envoy, Caddy

  • Databases: Redis, PostgreSQL, MariaDB

  • DevOps & Automation: Apache Airflow, Jenkins, GitLab CE

Submitted exploits should result in total compromise of the target, meaning a full Container/VM Escape for the Virtualization category, and a 0-click Remote Code Execution (RCE) vulnerability for other targets.

Contestants may submit exploits for different targets. Submissions will be demonstrated live by the contestant, on stage in London, and judged by Wiz Research together with some of our CSP partners. Winning submissions will win a generous cash prize, as detailed on zeroday.cloud.

Join us

Cloud and AI are reshaping the world. It’s up to us to secure them together.

If you’re ready to test your skills, make a difference, and help shape the future of cloud security, visit zeroday.cloud to register your exploit and learn more. And for any questions that aren’t answered in our Contest Rules or FAQ on zeroday.cloud, please contact us at zerodaycloud@wiz.io.

We’ll see you in London!

Register for the event

Tags
#Product & Company News#Research

Continue reading

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo