For 28 years, Black Hat has been the conference where the year’s most consequential offensive research goes public.
Black Hat USA 2026 runs 1–6 August at the Mandalay Bay Convention Center in Las Vegas, opening with four days of intensive trainings and culminating in two days of Briefings that will, as usual, generate Tuesday-morning headlines and a fair number of vendor advisories.
The Conference at a Glance
Founded by Jeff Moss in 1997, Black Hat now runs across the US, Europe, Asia, and the Middle East.
The USA edition is the flagship: more than 100 selected Briefings reviewed by the Black Hat Review Board, the Arsenal showcase for open-source tools, a Business Hall that sits adjacent to but distinct from RSAC’s vendor sprawl, and the long tradition of researchers walking on stage to disclose vulnerabilities the affected vendors learned about weeks earlier.
Summit Day on 4 August adds invitation-only executive content.
On-demand recordings of all Briefings are available to passholders for 30 days post-event, with a Streamly subscription extending access for a full year.
Who It’s For?
Black Hat splits its audience cleanly.
Trainings (1–4 August) are for practitioners — penetration testers, malware analysts, cloud security engineers, reverse engineers, and anyone willing to spend days inside a hands-on lab with a globally recognised instructor.
The Briefings audience (5–6 August) is broader: corporate researchers, ethical hackers, federal agents, CISOs trying to understand what their adversaries can actually do, and the press corps that translates the research into public coverage.
Many senior leaders attend in tandem with their senior technical staff, which often produces more useful internal conversations than either group attending alone.
ISC2-certified attendees can earn 14 CPEs for the Briefings.
Highlights and Themes from the Most Recent Edition
Briefings tracks consistently cover novel exploitation techniques, vulnerabilities in widely deployed consumer and enterprise products, AI/ML security, hardware and firmware research, cloud platform security, and an increasingly serious thread on critical infrastructure.
The vendor-neutral selection process — Black Hat is explicit about not selling Briefings slots, with Review Boards vetting submissions for uniqueness, accuracy, and supporting evidence — is the reason researchers continue to drop their best work here.
Talks often arrive with academic-grade papers, proof-of-concept code, and video demonstrations attached, which sets a quality bar few other commercial conferences match.
Black Hat’s partnership with the Electronic Frontier Foundation, providing pro-bono legal consultation to researchers, remains a useful signal of the conference’s posture.
What to Expect Going Forward
Watch for AI security research to dominate the 2026 Briefings: prompt injection at scale, model supply chain attacks, and the security properties of agentic systems are all areas where peer-reviewed offensive research has been accumulating since 2024.
Post-quantum migration and OT security will continue to draw serious technical content, and identity research — particularly around Active Directory and cloud identity providers — is unlikely to slow down.
Combined with DEF CON the following weekend, the Las Vegas trip remains the highest-density technical week in the calendar.
The Bottom Line
Briefings passes start around $2,500 and Trainings can run several thousand more, but Black Hat is the rare conference where the technical content genuinely cannot be replicated elsewhere.
For CISOs, the value is in understanding what your defensive controls will be tested against in 12 months.
For technical leads, the Trainings often deliver more practical capability per day than any other paid course on the market.
If you’re picking one US event for senior technical staff, Black Hat is the strongest candidate.