VYPR
advisoryPublished Jul 17, 2026· 1 source

Microsoft Security to Address AI and Supply Chain Threats at Black Hat USA 2026

Microsoft Security will present insights on defending against AI-powered threats and ongoing supply chain attacks at Black Hat USA 2026, highlighting how threat actors exploit trust in digital ecosystems.

Microsoft Security is set to be a prominent participant at Black Hat USA 2026, focusing its presentations and discussions on the evolving landscape of cybersecurity threats, particularly those leveraging artificial intelligence and exploiting trust within software supply chains. The company's presence at the conference aims to equip security professionals with the latest intelligence and strategies to defend against increasingly sophisticated attack vectors.

At the core of Microsoft's message is the observation that threat actors are increasingly targeting the very elements organizations rely on: software, services, identities, development workflows, and AI systems. This "following trust" approach means that a compromised package, a vulnerable build pipeline, a trusted tool, or an AI agent with excessive permissions can all become entry points for attackers seeking to scale their impact. Microsoft Security's sessions will delve into how these trust paths are being abused and how security teams can proactively identify and mitigate these risks.

Keynote speaker David Weston, CVP of Agentic Security, will deliver "The End of Rare: Defending When Offense Is Cheap." This session will explore the implications for security teams when offensive capabilities become more accessible, automatable, and scalable, posing a fundamental challenge to traditional defense models. The discussion will frame the urgent need for security operations centers (SOCs) and analysts to adapt to a threat environment where adversaries can operate with increased speed and agility.

Further elaborating on the supply chain threat, Aarti Borkar and Tanmay Ganacharya will present "Poisoned at the Source: Inside the Hunt for Supply Chain Attacks." This main stage session will provide an in-depth look at Microsoft Threat Intelligence's ongoing investigations into attacks targeting software ecosystems, developer workflows, and trusted services. A significant focus will be placed on the current npm (Node package manager) supply chain attacks, detailing how these campaigns are impacting the broader threat landscape and the challenges organizations face in securing their software dependencies.

Beyond the main stage, Microsoft Security researchers will present peer-reviewed technical research in the Black Hat Briefings. Topics will span cloud security, mobile defense, and software supply chain integrity, including sessions on building EDR for GitHub, exploiting trust models in AI assistants, and chaining Azure automation flaws for cross-tenant identity takeover. These deep dives offer practical insights and advanced techniques for security practitioners.

Microsoft will also host several expert-led sessions designed to bridge the gap between threat intelligence and decisive action. These include discussions on "Mind the Gap: Turning Threat Intelligence into Decisive Action with Expert-Led Defense" and "Agentic Security: What’s Next," providing attendees with actionable strategies for enhancing their security posture. The company will also showcase new offerings like Microsoft Defender Experts Threat Intelligence and Microsoft Defender Experts MDR, which provide curated intelligence and extended multicloud coverage.

Attendees can engage directly with Microsoft Security experts at booth #2144 throughout the conference, from August 4-6, 2026, at Mandalay Bay in Las Vegas. The booth will feature research, community engagement, and hands-on defense demonstrations. Microsoft is also hosting a reception on Wednesday evening for further networking and discussion.

Microsoft's comprehensive participation at Black Hat USA 2026 underscores the critical intersection of AI, supply chain security, and the fundamental concept of trust in modern cybersecurity. The company aims to foster a collaborative environment where the latest research and strategic insights can be shared to collectively defend against the evolving threat landscape.

Synthesized by Vypr AI