The second day of Black Hat MEA in Riyadh noticed hundreds of cybersecurity specialists, founders, and CISOs collect to dissect a menace horizon that’s shifting by the minute. The occasion, which has turn into a focus for the worldwide safety group, moved past concept into high-pressure intelligence sharing, reside simulations, and the world’s largest Seize the Flag (CTF) competitors.
Discussions throughout the Govt Summit and Briefing levels centered on the realities shaping 2026: the fast growth of assault surfaces, the affect of AI on determination cycles, and the fragility of provide chains.
AI as essential infrastructure
A recurring theme was the pivotal function of synthetic intelligence in each protection and assault. Anne Marie Zettlemoyer of the Nationwide Safety Institute delivered a stark evaluation of the panorama.
“The techniques we defend and the pace at which we defend them have modified extra prior to now couple of years than within the earlier twenty,” she stated, emphasising that AI has transitioned from an rising thought to “our subsequent essential infrastructure.”
Zettlemoyer challenged the attendees to cleared the path in defining accountable AI safety. “Black Hat is not only a convention, it’s a gathering of probably the most succesful strategic and highly effective minds wherever on the earth. If anybody can outline accountable AI safety, it’s this group.”
Management in a digital tsunami
Charles Forte, director normal and CIO on the UK Ministry of Defence, used a ‘Browsing the Digital Tsunami’ analogy to explain the problem of management when threats outpace mapping capabilities. He outlined three priorities for an organised response: disciplined processes, new funding in AI-era defence, and rigorous scrutiny of provide chains equal to that of inner techniques.
The dialog additionally turned to the evolving function of the CISO. Derek Cheng, CISO at Deliveroo, led a session on the ‘CISO Maturity Mannequin’, exploring how safety leaders can transition from technical operators to high-impact decision-makers who form danger agendas on the board degree.
Simulating maritime threats
One of many day’s most compelling sensible demonstrations was the Ship Spoofing simulation. Individuals witnessed how fashionable vessel navigation techniques could be manipulated by corrupted information streams. The simulation confirmed ships veering off target in real-time as spoofed coordinates rewrote their route logic, exposing the vulnerability of the maritime transport sector to more and more exact assaults.
Steve Durning, portfolio director of Black Hat MEA at Tahaluf, commented: “The simulations, competitions and hands-on environments are the place concept will get pressure-tested and the place groups uncover what really holds up towards actual assaults. Riyadh is proving that if you put this degree of functionality in a single place, progress accelerates quick.”
The world’s largest CTF
On the coronary heart of the occasion was the Seize the Flag (CTF) competitors, the place hundreds of specialists engaged in a three-day jeopardy-style event. Testing expertise throughout net, forensics, reverse engineering, and cryptography, the competitors stays open till the finale, with each remaining problem a possible game-changer.
Working in parallel, the Bug Bounty Cup noticed elite hunters drilling into reside targets to floor essential vulnerabilities, pushing the boundaries of moral hacking.
Annabelle Mander, govt vp of Tahaluf, added: “Day two confirmed how shortly this group strikes when the stress is actual. The conversations right here will not be concept. They’re selections that form nationwide resilience and international safety. Riyadh has turn into a spot the place IT leaders evaluate notes, problem assumptions and construct functionality with readability and intent.”