- Black Hat USA 2026 will be held at the Mandalay Bay Convention Center in Las Vegas, Nevada, from August 1–6, 2026 (Trainings: Aug 1–4; Briefings: Aug 5–6; Business Hall Aug 4-6).
- This year's most-talked-about Briefings topics include AI offense & defense, supply chain security, and AI-driven exploitation of vulnerabilities in hardware & embedded systems.
- Registration options range from Briefings-only passes to full Training tracks with professional certifications.
- Yes, LastPass will be at Black Hat USA 2026. Scroll down to find out where to meet us and what we have in store for you.
- Don't skip the FAQ section. There's an honest answer to the question your finance team may be asking: Is this conference actually worth the budget?
Black Hat USA is a Las Vegas cybersecurity conference that brings together the world’s top security researchers and practitioners. In 2026, it comprises four (4) days of expert-led Trainings, a Summit Day, and a two-day main conference along with tool demos (Arsenal), Briefings on the latest defensive countermeasures, a dynamic Business Hall, and unlimited networking opportunities.
If you’ve attended Black Hat before, you’re likely familiar with this scene. The newcomers stepping off the Mandalay Bay escalators and taking it in for the first time. The veterans moving with purpose.
If you’re attending with someone new this year, this should help them get up to speed quickly. In this article, you’ll find:
- Answers to the most popular questions about Black Hat USA 2026
- This year's hottest Briefings topics and what they mean for modern controls
- The networking events worth attending
- Hands-on skill building: Trainings, live demos (Arsenal), the Escape Room
- The one thing that doesn't get enough attention: Summit Day
- What LastPass is bringing to Las Vegas
- An honest FAQ, including whether Black Hat is worth what it costs
#1 What do I need to know before I go to Black Hat USA 2026?
What’s Black Hat USA, and why should I attend?
Along with DEF CON and Fal.Con, Black Hat USA is a Las Vegas cybersecurity conference. It prides itself on offering the “most technical and relevant” security research in the world.
If you’re looking for where the real value happens, it’s the Briefings and Trainings.
Black Hat Briefings and Trainings are held annually in the United States, Europe, and Asia. You’ll find leading researchers presenting original, peer-reviewed findings, and trainers sharing cutting-edge offensive and defensive techniques.
Each Briefing and Training is also thoroughly vetted by the Black Hat Review Board, which comprises 100 of the world’s most respected security experts and thought leaders.
Basically, you should attend if you want to see the latest attack techniques and tooling shifts before they become mainstream.
Whether your job involves incident response, vulnerability discovery, threat hunting, or penetration testing, Black Hat is where you sharpen your craft for the realities of modern cyberwarfare.
When and where is Black Hat USA 2026?
Black Hat USA 2026 will take place at the Mandalay Bay Convention Center in Las Vegas, Nevada, from August 1-6.
|
Program |
Dates |
|
Trainings
|
Sat Aug 1st - Tuesday Aug 4th, 2026 |
|
Briefings
|
Wed Aug 5th & Thurs Aug 6th, 2026
|
|
Business Hall
|
Tues Aug 4th – Thurs Aug 6th, 2026
|
How do I register for Black Hat USA 2026?
Register directly on the Black Hat website. You'll create an account and select your pass type. If you're registering a team, group pricing is available.
How much does Black Hat USA 2026 cost?
Your cost for Black Hat USA will vary based on the pass type and how early you register.
Note, however, that Training passes are priced per course. And popular Trainings fill up quickly, so take note of the availability indicators for each Training.
|
Pass type
|
Price |
What’s included |
|
|
|
|
|
Briefings Pass |
$2,799 |
|
|
Training Pass |
| |
|
Summit Pass |
$1,899 |
|
|
Business Pass |
$799 |
|
|
Best-value bundle |
Briefings + Summit Pass ($3,799)
|
|
|
Ultimate Experience bundle |
Briefings + Trainings Pass ($2,500 + Training Pass: (Prices vary by Training) |
|
|
Add-ons |
|
|
|
Group registrations |
|
|
|
Academic registrations (must be able to prove status as full-time student or professor at an accredited university) |
$1,999 (ends July 3, 2026)
|
|
Are there any discounts for Black Hat USA 2026?
Yes. Black Hat USA offers discounts for:
- Early registration (available through Friday May 22, 2026)
- Bundle packages e.g. Briefings + Summit
- Academic/student attendees
- Groups of six or more
If your organization is sending multiple people, these discounts offer substantial savings.
What badge and ID do I need to enter?
All attendees need a valid, government-issued photo ID to pick up their badge. You can collect your badge at the Bayside Ballroom Foyer (Mandalay Bay Convention Center) or Mandalay Bay Hotel Lobby across from Hazel Lounge.
Main Registration: Level One - Bayside Foyer
- Sat, Aug 1: 7:30 AM - 4:00 PM PT
- Sun, Aug 2: 8:30 AM - 4:00 PM PT
- Mon, Aug 3: 7:30 AM - 5:00 PM PT
- Tues, Aug 4: 7:00 AM - 8:00 PM PT
- Wed, Aug 5: 7:30 AM - 6:00 PM PT
- Thurs, Aug 6: 8:00 AM - 4:00 PM PT
Satellite Registration: Mandalay Bay Hotel Lobby across from Hazel Lounge
- Mon, Aug 3: 1:00 PM - 5:00 PM PT
- Tues, Aug 4: 7:00 AM - 10:00 PM PT
- Wed, Aug 5: 7:30 AM - 1:00 PM PT
Remember that lost, misplaced, or stolen badges will incur a fee “equal to the original purchase amount of your pass.”
Can I earn CPE credits at Black Hat USA 2026?
Yes. Black Hat USA is an approved CPE provider. ISC2 and CompTIA members can earn credits by attending Briefings sessions and Training courses. Be sure to enter your membership or certificate number on the online registration form.
ISC2 members can earn:
- 14 CPE credits for Briefings
- 16 CPE credits for two-day Trainings
- 32 CPE credits for four-day Trainings
- 5 CPE credits for the Executive Summit
- 5 CPE credits for the Financial Threat Summit
- 5 CPE credits for the AI Security Summit
Note: For ISC2 CISSP and SSCP holders, CPEs are auto reported to ISC2 upon completion of Training and/or Briefings, 30 days after the event has ended. CompTIA members must self-report their own CPEs.
#2 What will everyone be talking about at Black Hat USA 2026?
What are the hottest Briefings topics at Black Hat USA 2026?
Every year, Black Hat Briefings presents the research that shifts how the industry thinks. In 2026, the focus is AI offense & defense; AI-driven exploitation of vulnerabilities in hardware & embedded systems; practical tooling for defenders (EDR for code repos, syscall filtering, sandboxing frameworks).
Black Hat USA 2026 Briefings (August 5th- August 6th, 2026)
AI as both offense & defense: This year’s training gives you a practical blueprint for offensive & defensive operations in AI-powered environments. See both sides of the engagement with Briefings like:
Attacking and defending AI browsers
- Speaker: Artem Chaikin
- Tracks: AI, ML, & Data Science, Application Security: Defense
- Format: 40-Minute Briefings
When AI attacks AI: Inside the self-propagating botnet built on compromised AI infrastructure
- Speaker: Gal Elbaz, Speaker: Avi Lumelsky
- Tracks: Threat Hunting & Incident Response, AI, ML, & Data Science
- Format: 30-Minute Briefings
- Speaker: Ta-Lun Yen
- Tracks: AI, ML, & Data Science, Cyber-Physical Systems & IoT
- Format: 40-Minute Briefings
Catch me if you can: AI investigators hunting autonomous attackers as a benchmark
- Speaker: Jayson Grace, Speaker: Martin Wendiggensen, Contributor: Shane Caldwell
- Tracks: AI, ML, & Data Science, Threat Hunting & Incident Response
- Format: 40-Minute Briefings
The CoreBreak attack: Turning AI agents into credentials exfiltration vectors
- Speaker: Hedi Ingber, Speaker: Aviyam Ivgi
- Tracks: Cloud Security, AI, ML, & Data Science
- Format: 40-Minute Briefings
Bye bye AI: How we hacked the AI shopping assistant of a top 3 US retailer
- Speaker: Netanel Rubin, Speaker: Dan Avraham
- Track: AI, ML, & Data Science
- Format: 30-Minute Briefings
Rules for neural traffic: A new defensive layer for LLMs
- Speaker: Yisroel Mirsky, Speaker: Shir Rozenfeld, Contributor: Gilad Gressel, Contributor: Rahul Pankajakshan
- Tracks: Defense & Resilience, AI, ML, & Data Science
- Format: 40-Minute Briefings
Beyond AI-enabled offense and defense, this year’s Briefings highlight a critical reality: AI threats are amplified and sustained through the existing security stack you defend:
- Supply chain abuses show how AI systems inherit risk from CI/CD pipelines, dependencies, and identity layers.
- Persistent blind spots in hardware and embedded systems highlight unchanged **attack primitives** accelerated by AI.
**basic attack methods attackers chain together into full attack paths, such as privilege escalation, lateral movement, credential theft, the exploitation of misconfigured services, and persistence mechanisms**
Meanwhile, practical tooling sessions highlight controls like:
EDR for code repos
Sandboxing frameworks
***Syscall filtering***
***restricting the system calls a program can make so an attacker who compromises the program is blocked from using the full set of kernel operations***
The takeaway from this year’s Briefings is clear: Defense in the age of AI means hardening your current stack while adapting detection and response to AI-driven speed and scale.
How to get the most out of Briefings sessions:
- Review the full agenda before you arrive and note organizational priorities e.g. real-world case studies, tooling or proof-of-concept, environment (AWS, identity, SaaS)
- If attending with your team, divide into roles so that each one attends the most relevant Briefing for their role.
- Arrive early for high-demand sessions. Popular talks fill quickly.
- Take the presentations home. Briefing slides and papers are published after the conference.
- Don’t hesitate to use “hallway Q&A” (following up with speakers after a Briefing) but be concise and respectful of their time.
- For a smoother day, Briefings, Briefings + Training, and Briefings + Summit passes include access to continental breakfast, breaks, and lunch on Wednesday, August 5th and Thursday, August 6th.
- Recorded briefings will be available on demand from Aug 14th to Sept. 14th, 2026, via the Black Hat Events app.
#3 What networking events are worth my time at Black Hat USA 2026?
Black Hat's social calendar boasts a who’s who of cybersecurity, but the official events are only part of the picture. Vendors, research groups, and community orgs run unofficial gatherings every evening. And the best ones aren’t on any official schedule.
Networking events to keep on your radar
|
Event |
When + Where |
Why Attend |
|
Black Hat opening day welcome reception |
Tues August 4th 4:00PM-7:00PM PT at the Business Hall
|
First official social event; good for first-day connections |
|
Business Hall Booth Crawl |
Wed August 5th, 4:00PM-6:00PM at the Business Hall
|
Official Black Hat Booth Crawl to network and engage with Booth Crawl sponsors. Even better: Food, fun, and drinks provided.
|
|
Hoxhunt CISO Mastermind Dinner |
Sun August 2nd, 6:00PM - 9:00 PM PT; register to see venue
|
Meet leading CISOs for an evening of networking and thought leadership. Bonus: Dinner 8:00PM-9:00PM PT |
|
AFTERFUSE |
Wed August 5th, 8:00PM-12:00AM; House of Blues Mandalay Bay; get on the list
|
High energy after-hours party; the closest thing to an “everyone important is here” event |
|
Cyera Black Hat events |
Mon August 3rd to August 5th
|
From hip receptions like Bourbon, Bubbles, & Blazers to a concert with an award-winning Grammy rapper, Cyera is promising a Black Hat unlike anything from times past. Sign up if you don’t want to miss the action! |
|
“Lock it Down” Party |
Thurs, August 6th, 4:00PM-7:00PM PT; Mandalay Bay 1923 Prohibition Bar; register here
|
Great food, music, raffle prizes, and networking with top industry professionals; sponsored by some of the hottest companies in cybersecurity, including Novee, Miggo, Hush Security, and Dymium
|
|
Hallway track |
Anytime on conference days |
Arguably the most valuable networking opportunity at Black Hat |
A note on the hallway track: Give yourself some breathing room. Black Hat’s real value lies in conversations between sessions, outside meeting rooms, or in line at the food court. If your entire schedule is booked end-to-end, you'll miss your best opportunities.
Important note: As of this writing, the links above are from official sources. If you’re tracking Black Hat 2026 parties and networking events, third-party event roundups like this site can be helpful. But your best bet is to verify details with the sponsor or organizer directly. Stay safe!
#4 The hands-on skill building you’ve been waiting for
What are Black Hat Trainings, and how do I choose the right one?
Black Hat Trainings are multi-day, instructor-led technical courses taught by researchers and field practitioners.
These aren’t just “lectures” but hands-on learning experiences, where you work with real tools and techniques in a lab environment.
The following provides a snapshot of 2026 Black Hat Trainings. See the full Trainings schedule here.
A quick glance at Black Hat Trainings session types (not a comprehensive list – see the full trainings schedule above)
|
Priority Area |
What This Signals |
1‑Day (Targeted Boost) |
2‑Day (Deep Capability Build) |
4‑Day+ (Strategic Immersion) |
|
AI Security |
Fastest-growing attack surface; orgs lack maturity |
• Applied AI Auditing & Defense |
• AI Red Teaming: Attacks on LLMs, agents, and multimodal systems |
|
|
Cloud & Identity Attack Paths |
Identity = new perimeter |
• Owning the Enterprise Through Browser Extensions |
• Offensive AWS - Breaking the Cloud |
• Adversary Tactics: Identity-driven Offensive Tradecraft |
|
Incident Response |
Shift from static playbooks to real-time, adaptive decision-making |
• Beat the Breach: Life-Fire Corporate Incident Response Simulation |
• Advanced Cloud Incident Response in AWS • Advanced Cloud Incident Response in the Microsoft Cloud |
• From Alert to Remediation: Windows Enterprise Incident Response |
|
Supply Chain & Third-Party Risk |
Major real-world breach vector |
• Mastering Third-Party Risk Management: Vendor & Software Supply Chain |
• Adversarial AI: Red Teaming the Entire AI Supply Chain – From RAG to Agents to Production |
• Breaking and Defending Kubernetes with GitOps, Supply Chain, & Threat Modeling |
|
Secure-by-Design / Modern AppSec |
Shift from patching to secure by default architecture |
• Advanced Web Security: Scaling CSP & Cutting-Edge Browser Defenses |
• Proactive Security Engineering: Building Secure-by-Design Architectures That Scale |
• Black Hat 2026 Edition of Offensive Mobile Reversing and Exploitation for iOS and Android |
|
Offensive Tradecraft (Red Team) |
Modern enterprise exploitation paths |
• Red Team Essentials: Foundations of Command & Control Red Team Essentials: Introduction to Ransomware Simulation |
• Ability Driven Red Teaming |
• Adversary Tactics: Red Team Operations • Physical Penetration, RFID Hacking, and Electronic Access Control Systems • Social Engineering Foundations & Applied Offensive Operations |
Can I earn a certificate at Black Hat USA 2026?
Yes. All Black Hat Trainings participants will be issued a digital Certificate of Completion, along with a digital badge. These aren’t the same as industry certifications like CISSP or Security+. They're completion certificates for specific Training courses, issued by Black Hat.
Note: You must be physically present at your registered Training course to qualify for a Certificate of Completion.
If your organization requires proof of your participation in Black Hat Trainings, these certificates provide a record of the skills and applied knowledge you’ve gained.
Note: To earn a Black Hat certificate, you must sit for an on-site exam.
Black Hat USA 2026 exams: On-site, Wednesday, 7:00 AM - 8:30 AM PT
Duration: 60 to 120 minutes
Format: Capture the flag, practical, scenario-based problem-solving or project-based evaluations
What’s the Black Hat Arsenal, and why should I care?
Arsenal is where Black Hat’s security community comes together to showcase cutting-edge open-source security tools. Researchers set up at stations and walk you through what they built and why.
Most importantly, you get hands-on experience with industry experts at your side as you refine existing capabilities and gain new skills.
View the Arsenal line-up here (check back periodically for new updates).
How to get the best out of Arsenal:
- If a tool intersects with your domain, ask a question or start a short conversation. But be sure to read the room. If the presenter is mid-demo or inundated with questions, wait. Good timing is key.
- Give before you ask. Offer value where you can, e.g. share a use case, script, or technique. It’s part of the Black Hat culture.
- If the conversation allows, offer to follow up, but only if it’s mutually agreed.
- Use Arsenal to spot early trends. What you see here could become mainstream in the next 12-24 months.
What’s the Black Hat Escape Room, and is it worth doing?
The Black Hat Escape Room is a security-themed experience that runs during the conference.
Teams work through a real-world scenario, built around problems that show up in actual incident response.
If you're attending with colleagues from your security team, book a slot. It takes roughly an hour and could surface gaps in how your group handles defensive security under pressure.
#5 The one thing you’ll want on your Black Hat calendar: Summit Day
What are Black Hat USA Summits?
Summits are single-day events at Black Hat USA.
Each Summit focuses on a specific domain and typically features a mix of research presentations, panels, and working group discussions. In 2026, Summit Day will be on August 4th.
Here are the six Summit Day types planned for 2026:
- CISO Summit (this summit is by-invitation only)
- Financial Threat Summit (this summit is closed to media & analysts)
- Innovators & Investors Summit (this summit has limited space and is application-only)
#6 What is LastPass bringing to Black Hat USA 2026?
LastPass is set to be in Las Vegas for Blackhat USA 2026. Stop by booth #5112 to:
- See a live demo of how LastPass surfaces shadow SaaS and AI tool usage across your organization.
- Talk through how lean IT teams are managing credential security and access control for both SSO and non-SSO apps.
- Bag a 1:1 with a LastPass security expert and meet members of the LastPass TIME (threat intelligence, mitigation, and escalation) team.
- Pick up something worth keeping (hint: your exclusive LastPass swag bag).
Is Black Hat the right conference to think about credential and access security?
More than ever. The threats that Black Hat researchers document, such as browser-based threats, AI agent privilege escalation, and infostealer malware directly impact all organizations.
- LastPass SaaS Monitoring helps your team see what SaaS and AI apps employees are actually using, including tools that connect to both corporate and personal emails.
- LastPass SaaS Protect lets you enforce access controls beyond your SSO boundary.
- And a LastPass vault built on the Zero Knowledge model keeps your info secure with AES-256 encryption and in-vault URL encryption.
The gap between what Black Hat researchers are publishing and what the average small to mid-sized red team has deployed is wide. Narrowing that gap is possible with the right controls. See how LastPass helps lean IT teams close the access gaps that attackers target first.
Sources
Black Hat Training Certification 2026



