Skip to main content Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Purview Microsoft Security Copilot Microsoft Sentinel View all products AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Small and medium business Unified SecOps Zero Trust Pricing Services Partners Why Microsoft Security Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
An icon of a person wearing a hoodie representing the cliche black hat hacker
Events 7 min read

Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks

Copilot logo Powered by Microsoft Copilot

Across the threat landscape, in this moment, one pattern sits at the center of the story: threat actors are following trust.

They are not only looking for vulnerable systems, but rather targeting the software, services, identities, tools, developer workflows, and AI systems that organizations already depend on.

A package can become a distribution path. A build pipeline can become an access path. A trusted tool can become or expand an attack surface. An AI agent with the wrong access can become a new way to reach code, data, or infrastructure.

While the surfaces may change, the goal for the majority of threat actors remains the same: find what is trusted, abuse it, and scale the impact.

At Black Hat USA 2026, Microsoft Security will walk through how we are seeing this shift unfold, how security teams can look for it earlier, and how threat intelligence, expert-led response, and security operations need to work together when campaigns move across software, identity, cloud, data, and AI systems.

On Wednesday, August 5, 2026, the day begins with David Weston’s keynote, The End of Rare: Defending When Offense Is Cheap, which looks at what defense requires when offensive capability becomes easier to access, automate, and scale. Later that afternoon, Aarti Borkar and Tanmay Ganacharya will resume the main stage for Poisoned at the Source: Inside the Hunt for Supply Chain Attacks, which offers a closer look at how Microsoft Threat Intelligence is hunting attacks across software ecosystems, developer workflows, and trusted services. This includes details into the ongoing attacks on npm (Node package manager). 

Together, these sessions frame the challenge security teams are facing now: when offensive capability becomes easier to scale, security teams need to understand the trust paths threat actors can abuse before those paths become open doors for attacks. 

At our booth, we’ll also showcase Microsoft Defender Experts Threat Intelligence, a new expert-led service delivering continuous, curated intelligence tailored to your organization, and Microsoft Defender Experts MDR, now extended with third-party and multicloud coverage.

From August 4 to 6, 2026, at Mandalay Bay in Las Vegas, you’ll find Microsoft Security on the Business Hall floor at booth #2144, and on Wednesday evening, join us at the Microsoft Security reception at Swingers at Mandalay Bay.

Weston on the future of defense 

At 9:15 AM PT on Wednesday, August 5, 2026, David Weston, CVP of Agentic Security, will examine what changes for security teams when offensive capability becomes easier to access, automate, and scale. 

The keynote sets up one of the central questions security leaders are facing now: how does the security operations center (SOC) and analysts adapt when threat actors can move faster, test more often, and reuse trusted paths across software, identity, cloud, and AI systems? Join the keynote Wednesday, August 5, 2026, then continue the conversation with Microsoft Security at booth #2144. 

Our latest intelligence (and response) on npm supply chain attacks

That same intelligence-to-action challenge is at the center of our main stage session at Black Hat. 

On Wednesday, August 5, 2026, from 2:30 PM PT to 3:00 PM PT, Aarti Borkar, Corporate Vice President (CVP), Microsoft Security, and Tanmay Ganacharya, Vice President of Microsoft Security Research and Threat Intelligence, will share intelligence and insights into the ongoing supply chain campaigns impacting all areas of the threat landscape. The talk, Poisoned at the Source: Inside the Hunt for Supply Chain Attacks, will walk through Microsoft Threat Intelligence’s investigations into the ongoing npm supply chain attacks targeting software ecosystems, developer workflows, trusted services, and how organizations are handling the challenges associated with npm packages.

Follow the research in the Black Hat Briefings

Microsoft Security researchers will also present peer-reviewed technical research in the Black Hat Briefings. These sessions go deep into cloud, mobile, and software supply chain defense.

GitHub Can Tell You’re Being Hacked. You’re Just Not Listening: Building EDR for GitHub from Its Own Event Stream

  • Presented by Yossi Weizman, Principal Security Research Manager
  • Wednesday, August 5, 2026, from 10:15 AM PT to 10:45 AM PT

One Click to System: Exploiting Bixby’s Trust Model for Full Device Compromise

  • Presented by Dimitrios Valsamaras, Senior Security Researcher
  • Wednesday, August 5, 2026, from 12:00 PM PT to 12:40 PM PT

Handle With Care: Chaining Azure Automation Flaws for Cross-Tenant Identity Takeover

  • Presented by Shay Shavit, Senior Security Researcher
  • Wednesday, August 5, 2026, from 4:30 PM PT to 5:10 PM PT

Check the official Black Hat schedule for final room assignments and any timing updates.

Go deeper in Microsoft sessions

Microsoft experts will also lead sessions that give you a closer look behind the scenes, including:

Mind the Gap: Turning Threat Intelligence into Decisive Action with Expert-Led Defense

  • Presented by Wes Malaby, General Manager of Customer Success
  • Wednesday, August 5, 2026, from 5:00 PM PT to 5:20 PM PT

Cyber Defense Showdown

  • Presented by Fanta Kaba and special guest Jimmie Galaites
  • Wednesday, August 5, 2026, from 5:00 PM PT to 5:20 PM PT

Agentic Security: What’s Next

  • Presented by Naadia Sayed, Principal Product Manager
  • Thursday, August 6, 2026, from 11:15 AM PT to 12:00 PM PT

These sessions extend the main stage story into practitioner decisions: how teams move from intelligence to action, how defenders test their judgment under pressure, and how AI and agents are changing security workflows.

Visit booth #2144 for research, community, and hands-on defense

This year we are transforming the Microsoft Security booth into a community center. Click here to jump to the full schedule.

If the keynote and main stage sessions frame the largest challenges across the threat landscape, booth #2144 is where you can directly explore the workflows behind it: threat intelligence, incident response, AI security, security operations, partner solutions, and hands-on practice.  

You will find:

Connection circles, ask-me-anythings (AMAs), meetups led by industry influencers, and lightning talks

Short-form conversations with practitioners and experts on threat intelligence, incident response, AI security, identity, data protection, and security operations. If you swing by when the expo area opens, we’ll also fuel you up so you can skip the food court.

Partner presence

At Black Hat 2026, the Microsoft booth will feature 13 partners from the Microsoft Intelligent Security Association (MISA) who will showcase solutions built with Microsoft Security technology. Security Insider Conversations will feature MISA partners Critical Start (August 5, 2026, at 3:30 PM PT) and Huntress (August 6, 2026, at 2:00 PM PT) alongside Microsoft Security experts. Additionally, thank you to our Microsoft Security VIP Mixer sponsors: Ascent Solutions, Avertium, Devicie, Huntress, Illumio, Maureen Data Systems, and Security Risk Advisors. 

Demo our latest innovations

Explore connected experiences across defending with AI, securing AI, strengthening posture for AI adoption, using security intelligence in investigations and response, working with trusted partners, and connecting with Microsoft Defender experts.

Exclusive swag (featuring a surprise guest)

Spend some time with us at the experience we built around the booth and you’ll earn tokens that can be exchanged for custom patches and hats (because security experts have to wear many hats). Your favorite paperclip may be among the patches. Maybe.

Decompress with mini golf

The biggest Microsoft Security community moment of the week is our reception at Swingers at Mandalay Bay, hosted by Aarti Borkar.

Join us Wednesday, August 5, 2026, from 6:00 PM PT to 9:00 PM PT for food, drinks, mini golf, partner activations, and time with the Microsoft Security team away from the show floor.

Come compare notes with peers, meet Microsoft researchers and responders, and connect with the broader Microsoft Security community.

Space is limited, so reserve your spot early.

Plan your week with Microsoft Security

You can find Microsoft Security at booth #2144 during Business Hall hours:

  • Tuesday, August 4, 2026: 4:00 PM PT to 7:00 PM PT
  • Wednesday, August 5, 2026: 9:00 AM PT to 6:00 PM PT
  • Thursday, August 6, 2026: 9:00 AM PT to 4:00 PM PT

Stop by early to see the booth schedule, find upcoming AMAs and connection circles, and plan which live sessions and hands-on experiences you want to attend.

Skill up before and after Black Hat

You do not need to be in Las Vegas to take part in the broader Microsoft Security Black Hat experience.

The Microsoft Black Hat Skilling Challenge begins July 20, 2026, and will help defenders build hands-on skills across Microsoft Defender, Microsoft Sentinel, and Microsoft Security Copilot. Attendees can use the challenge to prepare before the event, then bring questions to on-site experts and community sessions. Remote participants can follow along through Microsoft Tech Community, AMAs, recaps, and post-event resources.

See you at hacker summer camp

Threat actors are adapting around the systems organizations already trust. Security teams need to understand those trust paths before they become attack paths.

At Black Hat USA 2026, Microsoft Security will bring the research, expert perspective, and hands-on experiences to help practitioners see where attacker behavior is moving and how defense can adapt.

Add Poisoned at the Source to your schedule. Visit us at booth #2144. Join the skilling challenge. And register for the Microsoft Security reception on Wednesday night.

Microsoft Security booth #2144 experiences and schedule

Tuesday, August 4, 2026

TimeTitle
5:00 PM PT to 6:00 PM PTHow Practitioners Build Effective Security Playbooks
6:00 PM PT to 7:00 PM PTAgentic Security: What’s Next

Wednesday, August 5, 2026

TimeTitle
9:00 AM PT to 9:30 AM PTSecurity Communities Meet Up
10:00 AM PT to 10:30 AM PTUsing Offensive Security Research to Advance AI Security
10:30 AM PT to 11:00 AM PTThe Confused Deputy Strikes Back: How AI Agents Turn Into RCE Proxies
12:00 PM PT to 12:30 PM PTHunting in the Gray: When Nation-States and Cybercrime Collide
12:30 PM PT to 1:00 PM PTAI in Security Operations: What Actually Works and What Doesn’t
1:00 PM PT to 2:00 PM PTAI in the SOC: Lessons Learned from the Front Lines
2:30 PM PT to 2:30 PM PTMicrosoft Defender Challenge
2:30 PM PT to 3:00 PM PTFrom Alert Fatigue to Action: How Practitioners Prioritize What Matters
3:00 PM PT to 3:30 PM PTAgents in the Flow of Work: From Signals to Action
3:30 PM PT to 4:00 PM PTWill It Hold Up in Court? Forensic Defensibility of Microsoft 365 Evidence
5:00 PM PT to 6:00 PM PTZero Trust for the Agentic Era: An Interactive Discussion for Securing AI

Thursday, August 6, 2026

TimeTitle
9:00 AM PT to 9:30 AM PTThe Future of Microsoft Security and How Communities Can Support You
10:00 AM PT to 10:15 AM PTQuantum Is Here: What Practitioners Must Do Now
11:00 AM PT to 12:00 PM PTThe Next Era of Cyber Defense: Clarity, Control, and Response at Scale
12:00 PM PT to 12:30 PM PTLessons from the Field: What to Do When You’re Under Attack
12:30 PM PT to 1:00 PM PTWhen Browsers Become Agents: The Emerging Security Risks of AI‑Powered Browsers
2:30 PM PT to 3:00 PM PTSocial Engineering Always Matters
3:00 PM PT to 3:30 PM PTAI Runs on Data: Securing the Foundation of AI Adoption

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.