Black Hat USA 2026: Dates, Tracks, Tickets, and What Security Professionals Need to Know

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Black Hat USA 2026 runs August 1-6 at the Mandalay Bay Convention Center in Las Vegas. It is the conference where new vulnerability research is first disclosed, where offensive tooling gets its public debut, and where the techniques that defenders will spend the next year responding to are demonstrated live on stage. For security practitioners, attending or following Black Hat closely is less a professional luxury than a calibration exercise: the research presented in August tends to define the threat landscape for the months that follow. This guide covers what to expect, who should attend, how the format works, and how to get the most out of the week whether you are there in person or following remotely.
What Is Black Hat USA 2026?
Black Hat USA is an annual security conference organized by Informa Tech. It operates under a strict no-vendor-marketing research model: Briefings presenters are selected through a blind peer review process, and sessions are evaluated entirely on technical merit. This distinguishes Black Hat from vendor-sponsored conferences where the agenda reflects commercial interests. The result is a program that consistently surfaces the most significant new attack research, tool releases, and defensive frameworks of the year.
The 2026 conference runs six days total:
- August 1-4: Trainings (intensive multi-day hands-on courses)
- August 5-6: Briefings (research presentations, keynotes, Arsenal)
The venue is the Mandalay Bay Convention Center in Las Vegas, Nevada, which has hosted Black Hat USA since 2016.
Briefings: The Core of Black Hat
Briefings are 50-minute research presentations delivered over two days. They represent the primary reason most attendees come to Black Hat. Presentations cover new vulnerability classes, active threat actor techniques, offensive tooling, and increasingly, AI-assisted attack and defense research.
Briefings tracks for 2026 include areas such as:
- Exploitation and Vulnerabilities: Novel attack techniques, zero-day disclosures, and vulnerability research
- Malware: Reverse engineering, new malware families, and evasion techniques
- Network Security: Protocol attacks, wireless vulnerabilities, and network detection research
- Application Security: Web, API, and mobile attack surface research
- AI and Machine Learning Security: Prompt injection, model poisoning, AI-assisted offense and defense
- Cloud and Platform Security: Cloud-native attack paths, container escapes, and platform misconfigurations
- Threat Intelligence: Nation-state actor techniques, campaign tracking, and attribution methods
Briefings fill quickly. The most anticipated sessions on new exploits or significant vulnerability disclosures will have standing-room-only attendance within minutes of the doors opening.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Trainings: Hands-On Technical Courses
Trainings run August 1-4 and are separate from Briefings, with their own registration and pricing. Each Training is a full-day or multi-day course taught by a practitioner covering a specific technical domain in depth. Format options include two-day and four-day courses.
Representative Training categories at recent Black Hat events:
- Red team operations and adversary simulation
- Exploit development and vulnerability research
- Reverse engineering and malware analysis
- Cloud penetration testing (AWS, Azure, GCP)
- Threat hunting and detection engineering
- Social engineering and physical security
- Hardware hacking and IoT security
- Incident response and forensics
Trainings are taught in small groups with hands-on lab environments. Instructors are typically active practitioners or researchers. The cost is separate from a Briefings pass and reflects the instructor and lab infrastructure cost: most Trainings range from $3,000 to $5,500+ for a two-day course.
For security engineers who need to build a specific capability (cloud pen testing methodology, detection engineering workflows, exploit dev fundamentals), Trainings deliver more concentrated practical value than Briefings in a shorter time.
Arsenal and the Business Hall
Arsenal runs during Briefings days and is one of the most underrated parts of Black Hat. Arsenal is an open-source tool demonstration area where researchers showcase tools that are either being publicly released for the first time or receiving significant new features. Access is included with a Briefings pass, and the format is informal: researchers present at tabletop stations and can give live demos. Arsenal is where Metasploit modules, detection rules, exploit frameworks, and threat intelligence tools often make their public debut before the wider community picks them up.
The Business Hall is the vendor expo floor, also included with a Briefings pass. Hundreds of security vendors are present. For practitioners, the Business Hall is useful for comparing tooling in categories relevant to your work, meeting vendor technical teams, and attending sponsored labs or workshops that require pre-registration. It is not the primary reason to attend Black Hat, but the density of technical vendor staff in one place is efficient for procurement and evaluation conversations.
Black Hat USA 2026 Ticket Prices
Black Hat uses tiered pricing that rewards early registration. Prices increase in steps as the conference approaches. The following ranges are representative based on historical pricing:
| Pass Type | Early Registration | Standard |
|---|---|---|
| Briefings Only | ~$2,295 | ~$2,495+ |
| Trainings (2-day) | ~$3,000 | ~$3,500-5,500 |
| Trainings (4-day) | ~$5,000 | ~$6,000+ |
| Trainings + Briefings | Combined pricing | Higher at-door |
Register at the official site (blackhat.com/us-26/) for current pricing. Early registration windows have historically closed 2-3 months before the event.
Government and academic discounts are available for eligible attendees. Group rates apply for registrations of five or more from the same organization.
Briefings Pass
Covers both days of research presentations (August 5-6), Arsenal access, Business Hall, and keynotes. The standard path for practitioners primarily interested in following current research.
Training Pass
Covers one Training course (2-day or 4-day) running August 1-4. Does not include Briefings unless combined. Best for practitioners who need hands-on skill development in a specific area.
Trainings + Briefings
The full Black Hat experience. Attend a Training course for the first four days, then transition to Briefings for the final two. Significant time commitment but maximizes value for the trip.
Who Should Attend Black Hat USA 2026?
Black Hat is worth attending for practitioners who work in roles where current attack research directly informs their work. The technical bar is high: Briefings assume practitioner-level knowledge, and Trainings require the relevant technical foundation to get value from hands-on labs.
High-value attendees include:
Penetration testers and red teamers who need exposure to the newest techniques, tooling, and attack methodologies before adversaries operationalize them at scale.
Threat intelligence analysts who track nation-state and criminal threat actors. Multiple Briefings sessions each year include significant new disclosures on active campaigns, attribution, and tradecraft.
Detection engineers and blue teamers who need to understand what offensive techniques look like before building detection coverage. Attending Briefings on the attack side directly accelerates detection development.
CISOs and security leaders who need to calibrate their program investments against current threat reality rather than vendor marketing. The two-day Briefings commitment is manageable at the executive level.
Vulnerability researchers for whom Black Hat is a primary publication venue and professional gathering.
Black Hat vs DEF CON: Key Differences
Black Hat and DEF CON are the two most significant security conferences in the world, both held in Las Vegas in the same week. DEF CON 34 follows Black Hat USA 2026 directly (typically the weekend immediately after Briefings end). They share attendees, the Las Vegas venue ecosystem, and founding connections through Jeff Moss, but they are different experiences.
Black Hat is a professional conference with registration fees, corporate attendees, a Business Hall of vendors, and a peer-reviewed research program. It has a business and enterprise security focus alongside the offensive research. Vendor presence is significant. The environment is professional.
DEF CON operates on an anonymous, cash-registration model with a significantly lower ticket price ($460 for DEF CON 32 in 2024). The culture is hacker-community-first: Capture the Flag competitions, Villages with specialized tracks, lock picking, social engineering contests, and hardware hacking labs. Corporate vendor presence is minimal. The environment is deliberately informal and adversarial in the best sense.
Most serious practitioners attend both. The common pattern is Black Hat for professional development and research coverage, followed by DEF CON for community, competitions, and the culture. The two events together represent the week the security field consolidates in one city.
How to Get the Most Out of Black Hat 2026
Black Hat is logistically demanding. The conference draws 15,000+ people to a single venue, popular Briefings sessions reach capacity quickly, and the schedule across concurrent tracks requires planning.
Before the conference:
- Review the Briefings schedule when it is published (typically 4-6 weeks before the event) and identify the 8-10 sessions most relevant to your work
- Pre-register for any Arsenal demos or sponsored workshops that require advance registration
- Check if any vendors in your evaluation pipeline will be present and schedule meetings in advance
- Book accommodation early: the Mandalay Bay rooms block out quickly and nearby hotels fill during the same week as DEF CON
During Briefings:
- Arrive early for any session on a new vulnerability class, nation-state actor research, or significant tool release; rooms fill 15-20 minutes before start
- The hallway track (conversations between sessions and in common areas) often delivers as much value as formal sessions; plan time for it
- Take notes on techniques and tool names for follow-up research rather than trying to absorb everything live
After the conference:
- Black Hat typically posts Briefings slides and whitepapers on the official site within days of the event
- Tool releases announced at Arsenal and Briefings appear on GitHub shortly after; follow researchers directly for release announcements
- The research presented in August defines defensive priorities for the remainder of the year; factor disclosed techniques into your threat model updates
Win a Free Black Hat USA 2026 Ticket
Decryption Digest is giving away one full-access Black Hat USA 2026 conference pass (valued at $2,495+) to a subscriber. Entry is free and takes 10 seconds.
To enter: Subscribe to Decryption Digest at decryptiondigest.com/blackhat-2026. One entry per email address. Already subscribed? You are already entered.
Decryption Digest publishes weekly threat intelligence briefings covering active exploits, freshly disclosed CVEs, IOC tables, and CVSS-scored vulnerability analysis. The briefings are written for the same audience that attends Black Hat: security engineers, SOC analysts, penetration testers, and CISOs who need current threat context delivered without vendor noise.
The bottom line
Black Hat USA 2026 runs August 1-6 in Las Vegas. For security practitioners, it is the most important week in the calendar for calibrating your understanding of current offensive techniques, active threat research, and where the field is heading. Whether you attend Trainings, Briefings, both, or follow the research releases remotely, Black Hat defines the threat landscape for the months that follow. If you want a shot at attending on a free pass, enter the Decryption Digest giveaway at decryptiondigest.com/blackhat-2026.
Frequently asked questions
When is Black Hat USA 2026?
Black Hat USA 2026 runs August 1-6, 2026. Trainings are held August 1-4, and Briefings (research presentations) run August 5-6. The conference is held at the Mandalay Bay Convention Center in Las Vegas, Nevada.
Where is Black Hat USA 2026 held?
Black Hat USA 2026 is held at the Mandalay Bay Convention Center in Las Vegas, Nevada. Mandalay Bay has been the conference venue since 2016. The venue is connected to the Mandalay Bay hotel, and numerous other Las Vegas Strip hotels are within walking distance or a short ride.
How much does a Black Hat USA 2026 ticket cost?
A Black Hat USA 2026 Briefings-only pass typically starts at approximately $2,295 during early registration and rises to $2,495+ at standard pricing. Training passes (hands-on multi-day courses) range from approximately $3,000 to $5,500+ per course depending on length and instructor. Combining Trainings and Briefings increases the total cost. Black Hat uses tiered pricing that increases as the conference date approaches, so registering early is the most cost-effective approach. Check blackhat.com/us-26/ for current pricing.
What is the difference between Black Hat Briefings and Trainings?
Briefings are 50-minute research presentations delivered by security researchers across August 5-6. They cover new vulnerability disclosures, attack techniques, offensive tooling, and defensive research, and are selected by blind peer review. A Briefings pass gives access to all presentations, the Arsenal (open-source tool demos), and the Business Hall. Trainings are separate multi-day hands-on courses running August 1-4, taught by practitioners in small groups with lab environments. Trainings and Briefings have separate registration and pricing; they can be attended independently or combined.
What is Black Hat Arsenal?
Arsenal is an open-source tool demonstration program that runs during Briefings days (August 5-6) and is included with a Briefings pass. Researchers present new or updated open-source security tools at tabletop stations with live demonstrations. Arsenal is where many significant offensive and defensive tools make their public debut before the wider community picks them up. It is an informal, high-signal complement to the Briefings program for practitioners who want to evaluate new tooling.
What is the difference between Black Hat and DEF CON?
Black Hat is a professional conference with corporate registration fees, a vendor Business Hall, and a peer-reviewed research program focused on practitioner and enterprise security audiences. DEF CON is a community hacker conference held the weekend after Black Hat, with lower ticket prices (paid anonymously in cash at the door), no corporate vendor floor, and a culture built around CTF competitions, Villages, and community participation. Both events share the same Las Vegas timing and attendee overlap. Most serious practitioners attend both: Black Hat for professional development and research coverage, DEF CON for community and competitions.
Who should attend Black Hat USA 2026?
Black Hat USA 2026 is most valuable for security practitioners whose work is directly informed by current attack research: penetration testers and red teamers who need exposure to the newest techniques before they are widely operationalized, threat intelligence analysts tracking active campaigns, detection engineers building coverage for emerging techniques, and CISOs calibrating program investments against actual threat reality. The technical bar for Briefings is high; most sessions assume practitioner-level knowledge. Trainings require sufficient technical foundation in the specific domain to get value from hands-on labs.
How can I get a free Black Hat USA 2026 ticket?
Decryption Digest is giving away one full-access Black Hat USA 2026 conference pass valued at over $2,495. To enter, subscribe to the newsletter at decryptiondigest.com/blackhat-2026. Entry is free and requires only an email address. One entry per address; existing subscribers are automatically entered. The winner will be selected from active Decryption Digest subscribers and notified by email before the event.
Sources & references
- Black Hat USA 2026 Official Site
- Black Hat USA 2025 Review: Dark Reading
- Informa Tech Black Hat Event Overview
- SANS Institute: Security Conference Selection Guide 2026
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
