Unveiling Groundbreaking Research on AI Threats and Supply Chain Vulnerabilities

Black Hat, the most established and comprehensive event series in the cybersecurity industry, has announced the content preview for Black Hat Asia 2026, the leading cybersecurity event in the Asia-Pacific region. Scheduled from April 21 to April 24 at Marina Bay Sands Expo & Convention Centre in Singapore, the event will highlight the latest advancements in cybersecurity, focusing on the increasing threats from artificial intelligence (AI) and supply chain vulnerabilities, two areas that are driving significant security investments in the region.

Featuring a curated selection of expert-led Briefings, immersive Trainings, and state-of-the-art tool demonstrations, Black Hat Asia 2026 aims to provide security professionals with the essential knowledge and skills to tackle the rapidly changing threat landscape.

Suzy Pallett, President of Black Hat, highlighted the strategic significance of this year's program: "Black Hat Asia 2026 represents a crucial moment for cybersecurity in the region. The research presented here will fundamentally transform our approach to cybersecurity in an AI-driven world."

Here's a look into what researchers will be unveiling:

Key Research:

• Smartphone Boot ROM vulnerabilities compromising entire device ecosystems

• Four zero-days enabling cross-tenant attacks across Azure and Windows environments

• New DNS cache poisoning attack ("RebirthDay") affecting major providers and hundreds of thousands of servers

• AI weaponization techniques and defense strategies

Addressing Today's Most Critical Threats

This year's program directly confronts the cybersecurity issues making headlines across the region:

• AI-Powered Threats: Exclusive research will uncover how generative AI is being used by threat actors, while highlighting innovative AI-driven defense strategies.

• Supply Chain Vulnerabilities: Presentations will disclose vulnerabilities in critical supply chains, focusing on industries essential to the region’s economy, such as manufacturing, logistics, and technology.

• Regional Investment Surge: The Asia-Pacific region is expected to lead global cybersecurity spending in 2026, driven by rising threats and regulatory demands.

Key Highlights of Black Hat Asia 2026

Breakthrough Briefings: Redefining Defense Strategies

On April 23 and 24, the Briefings program will feature world-renowned researchers unveiling critical vulnerabilities and innovative defense methodologies. These sessions are designed to provide attendees with actionable intelligence to fortify their organizations against emerging threats.

Featured Briefings include:

• Practical Attacks Against Smartphone Boot ROMs – This talk will demonstrate how a single Boot ROM (Read-Only Memory) vulnerability can compromise entire smartphone ecosystems through secure boot bypasses and firmware decryption across multiple manufacturer platforms.

• Breaking Hybrid Boundaries Across Azure and Windows – This talk will reveal how four zero-day vulnerabilities in Windows Admin Center enable complete compromise across on-premises and Azure environments, including cross-tenant attacks.

• RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox – This talk will introduce "RebirthDay," a new attack that exploits widespread flaws in DNS (Domain Name System) software to poison internet traffic, affecting major DNS providers and hundreds of thousands of servers worldwide.

Two notable sessions with significant APAC perspectives:

• Violet Blue (award-winning investigative journalist) discusses how the diverse data protection regulations across APAC are prompting a reevaluation of privacy and security frameworks, emphasizing data sovereignty and agency.

• Ari Herbert-Voss (CEO, RunSybil; former OpenAI red team lead) explores the emergence of autonomous AI-driven offensive systems that are now operating continuously at scale, highlighting the obsolescence of traditional point-in-time security testing.

Both sessions address threats with increasing significance for the region, particularly as APAC encounters a rise in ransomware and more intricate regulatory landscapes.

Hands-On Trainings: Building Tomorrow’s Cyber Defenders

From April 21 through April 24, Black Hat’s intensive Trainings will offer participants the opportunity to master critical skills in areas such as malware analysis, AI red teaming, and advanced threat intelligence. These courses are led by top practitioners and designed to transform theoretical knowledge into practical expertise.

Trainings highlights include:

• The FLARE Team's Guide to Reverse Engineering Modern Malware – This course will equip students with the skills to reverse engineer advanced malware that bypasses modern detection systems.

• AI Red Teaming: Attacks on LLMs, Agents, and Multimodal Systems – This course will teach students systematic techniques to identify and exploit vulnerabilities in modern AI systems, including LLMs, agents, and multimodal applications.

• Practical GenAI for Threat Intel: Real-World Agentic Workflows for Cyber Threat Intelligence – This course will prepare students to build and deploy AI-powered threat intelligence systems using advanced techniques like Retrieval-Augmented Generation (RAG), multi-agent workflows, and fine-tuning for real-world security challenges.

Black Hat Arsenal: Showcasing Innovation in Action

The Arsenal program, running on April 23 and April 24, will feature live demonstrations of cutting-edge open-source tools developed by the global cybersecurity community. This interactive platform fosters collaboration and innovation, enabling attendees to engage directly with tool developers.

Featured tool presentations include:

• QuantumStrand (qs): A Structural Approach to String Analysis for Rapid Indicator Filtering – This tool transforms flat string lists into structural maps, enabling analysts to rapidly filter noise and focus on crucial indicators during malware triage.

• vet: Open Source Software Supply Chain Security Guardrail in the age of AI SDLC – This tool proactively detects malicious packages before they appear in databases and integrates with AI coding tools to provide conversational analysis for developer-first defense.

• Prowler Open Cloud Security - release of v6.0 – This tool provides continuous monitoring, security assessments, compliance audits, and incident response across major frameworks including CIS, NIST, GDPR, and HIPAA.

Top Sponsors and Partners of Black Hat Asia 2026 include:

• Platinum Sponsors: Bitdefender, Broadcom, Concentric AI, SOCRadar Cyber Intelligence, ThreatLocker, and Tines.

• Silver Sponsors: Corellium, EasyDMARC, Filigran, Fortra, ManageEngine, SecureFlag, Sparrow, Sumo Logic, TuxCare, and Varonis.

• Sustaining Partners: Armis, Cisco, CrowdStrike, Cyera, Google, ManageEngine, Qualys, SentinelOne, Sophos, Tenable, TrendAI, Varonis, and Wiz.

• Global Partners: Broadcom, Concentric AI, Corellium, EasyDMARC, HackerOne, Semgrep, ThreatLocker, VulnCheck, and wolfSSL.

Registration and Event Details

Complete program details, speaker information, and registration are available at blackhat.com/asia-26/.