Hack Monty 2: a $10,000 bounty to break our Python sandbox
Blog post from Pydantic
In April 2026, the initial round of the "Pydantic Monty" bounty saw hackers successfully exploit vulnerabilities within 48 hours, prompting the organizers to patch the issues and re-audit the code for a second round, now with double the reward. Monty is a minimal Python interpreter written in Rust that runs AI-generated code directly on the host with microsecond startup times. The initiative, sponsored by Prefect and Hugging Face, aims to uncover vulnerabilities in Monty. Because Monty is embedded without additional infrastructure, a sandbox escape can potentially compromise the host. Participants are encouraged to identify and exploit security flaws in the system for the full bounty of $10,000, or a partial one, depending on the nature of the vulnerability found, while following strict rules to ensure ethical hacking practices.