Microsoft BlueHat

BlueHat Asia is heading to Singapore on September 17–18! 👉Apply now for your chance to join us: aka.ms/bluehatreg Applications close July 17. #BlueHat

Less than one month to go ⏳ The BlueHat Asia Call for Papers closes June 15. Don't miss your chance to share your research! Submit your talk today: aka.ms/BlueHatAsiaCFP

Day 2 at BlueHat 2026 wrapped with new learnings, fresh perspectives, and continued discussions across the security community. From Mark Russinvoch’s keynote to deep technical sessions, the focus stayed clear: advancing security, together. Take a look at some of the highlights from Day 2 ⬇️ #BlueHat

Mark Russinovich's BlueHat keynote this morning was practical and inspiring at the same time. Mark went deep into jailbreaks, prompt injection attacks, and hallucinations, and walked us through what these attacks look like in practice with multiple live demos and examples from both his personal experience and recent news. Most importantly, he walked through mitigation strategies and the latest research on how to defend against them, including FIDES (Flow Integrity Deterministic Enforcement System), a deterministic Information-Flow Control approach for prompt injection mitigation that lets us balance autonomy and security, and his RefChecker tool for catching hallucinated citations. He closed by reminding us that AI safety becomes security, and we must build defenses now or we will get "more OpenClaw at scale." #BlueHat

Day 2 is underway at BlueHat. Here’s a look back at Day 1. A strong start, with the security community coming together to connect, share insights, and tackle real-world challenges. Watch the highlights ⬇️ #BlueHat

Good morning, BlueHat, and welcome back to day 2 ☀️ We’ll start with opening remarks from Tom Gallagher, VP of Engineering, MSRC, followed by a keynote from Mark Russinovich, CTO, Deputy CISO, and Technical Fellow for Microsoft Azure. View the day 2 agenda: aka.ms/bh26agenda #BlueHat

Thank you to everyone who joined us for day 1 of BlueHat 2026! We kicked things off with opening remarks from Tom Gallagher (@secbughunter), VP of Engineering, MSRC, setting the tone for a day focused on shared responsibility, real-world impact, and the strength of the security research community. That energy carried throughout the day, with packed sessions and great conversations across the Villages. We’re grateful to our speakers and to everyone who contributed to the conversations and learning throughout the day. Taesoo Kim, VP of Security Research at Microsoft, explored how modern attack surfaces evolve alongside systems, highlighting the need to rethink assumptions, anticipate abuse paths, and build more resilient defenses. Dylan Ryan-Zilavy and Cameron Vincent (@SecretlyHidden1) demonstrated a novel privilege escalation path in Microsoft APIs, showing how access token audiences can expose overlooked attack surfaces in Entra ID. Mario Samolis (@MarioSamolis) and Allie L. analyzed DPRK-linked malware campaigns across npm, revealing highly structured operations and a scalable methodology for identifying malicious packages. Aaron Crawfis covered the shift to shorter certificate lifetimes, post-quantum considerations, and how attackers can leverage certificate transparency, along with practical guidance to reduce risk. Matt Swann showed how applying Trusted Computing Base principles helps reduce risk across complex cloud dependencies. Henrique Pereira (@ikkebr) and Varsha Chahal shared how they uncovered vulnerabilities in Azure Functions at scale, leading to dozens of real-world cases. James Nix, CISSP and Jason C. discussed practical patterns for safely integrating LLMs into security workflows, including guardrails and common pitfalls. Gautam Peri (@HawkeyeDev) discussed recurring insecure deserialization issues and shared approaches to detect and prevent them at scale. 🙌 Thank you again to our speakers and attendees for a strong start. Between the sessions and the conversations across the Villages, Day 1 showed the strength of this community. Looking forward to Day 2. #BlueHat

At BlueHat 2026, Taesoo Kim, VP Security Research, Microsoft took the stage for the Day 1 keynote to discuss what’s next for security as AI systems begin to scale vulnerability discovery and remediation in ways we haven’t seen before. His talk focused on DARPA’s AI Cyber Challenge (AIxCC), where autonomous systems were designed not just to find bugs, but to deliver full outcomes: proofs of vulnerability, patches, and structured reports. The shift is clear: end-to-end automation is becoming essential, not optional. Team Atlanta’s winning system showed what this looks like in practice. By combining fuzzing, program analysis, and LLM-driven agents, they built systems that can analyze large codebases, identify vulnerabilities, and generate fixes with increasing efficiency. The takeaway: AI doesn’t replace traditional techniques: it amplifies them through orchestration and scale. A key insight was that today’s LLMs are powerful but imperfect. Success comes from designing systems around them: using multi-agent architectures, feedback loops, and validation layers to drive consistent results. Looking ahead, the focus is shifting from competition prototypes to real-world deployment. With emerging standards, benchmarks, and open frameworks, we’re moving toward continuous, autonomous security testing and patching at scale. The bottom line: AI is changing how security work gets done. Researchers aren’t being replaced: they’re being augmented by systems that extend their reach exponentially. #BlueHat

It’s going down! #BlueHat kicked off this morning in Redmond. Great be be back on Microsoft main campus. I’m looking forward the ongoing discussions and collaboration with the security community.

@pfemis We're so excited you're here!

Excited to be at Microsoft #BlueHat Let's go!!!

Good morning, BlueHat! ☀️We’re excited to start Day 1 with you. Grab some breakfast and join us for opening remarks from Tom Gallagher, VP of Engineering, MSRC, followed by our keynote from Taesoo Kim, VP of Security Research at Microsoft. You can find the full agenda here: aka.ms/bh26agenda #BlueHat

Thank you to our BlueHat speakers who joined us for the welcome reception this evening. We are looking forward to welcoming everyone tomorrow for the first day of BlueHat, along with the presentations and conversations that bring this community together. #BlueHat

🎤 BlueHat Speaker Announcement We’re excited to welcome Michael Bargury (@mbrg0), Co-founder & CEO, Zenity, and Tamir Ishay Sharbat (@tamirishaysh), Director of Security Research, Zenity, to the BlueHat stage with their session, “0click Enterprise Compromise in AI Systems.” In this talk, Michael and Tamir will explore how AI assistants can be used in enterprise compromise scenarios, including vulnerability chains that require little to no user interaction. Drawing from real-world examples across platforms like Microsoft Copilot, ChatGPT, Gemini, and Salesforce Einstein, they’ll break down why prompt injection should be treated as an ongoing security risk to manage, not a one-time bug to fix. They’ll also share practical ways to identify and mitigate these attacks using core TTP analysis and the GenAI Attack Matrix, with takeaways you can apply to today’s AI systems.

🎤 BlueHat Speaker Announcement We’re excited to announce that James Nix and Jason Collins, Principal Security Engineers, Xbox Application & Product Security, will be speaking at BlueHat with their session, “From Hype to Hardening: Using LLMs to Improve Application Security in Practice.” In this talk, James and Jason will share how teams can apply LLMs to real security workflows, including threat modeling, design review, and issue triage, without compromising outcomes. Drawing on hands-on experience with ThreatDonkey and DoomBroker, they’ll walk through practical approaches for building safer systems, from constraining model behavior and enforcing least privilege to combining LLM output with static and dynamic analysis

🎤 BlueHat Speaker Announcement We’re excited to announce that Dylan Ryan-Zilavy, Independent Security Researcher, and Cameron Vincent, Senior Security Researcher, Microsoft, will be speaking at BlueHat with their session, “Pulling Strings: From User to Global Admin Via AppIdURIs.” In this talk, Dylan Ryan‑Zilavy and Cameron Vincent will discuss a unique privilege escalation scenario in Microsoft APIs, showing how manipulating access token audiences can lead to unexpected, high‑impact outcomes. They’ll walk through an attack on Azure AD Graph that enabled instant escalation from a standard user to global administrator.

🎤 BlueHat Speaker Announcement We're excited to announce that Jitesh Thakur, Senior Security Engineer, Microsoft, will present “Securing the Future of AI: Securing MCP with Defense in Depth Patterns.” The session outlines a 3-layer model combining deterministic checks, LLM safety analysis, and semantic anomaly detection to help secure MCP-based AI agents.

🎤 BlueHat Speaker Announcement We’re excited to announce that Pete Bryan, Principal AI Security Researcher, Microsoft will be speaking at BlueHat with his session, “Agentic AI Failure Modes: A Year in the Field.” In this talk, Microsoft’s AI Red Team shares a substantial update to its Agentic AI Failure Taxonomy, informed by a year of hands-on red teaming across production systems. Pete will cover how agentic systems have evolved, highlight new failure modes emerging in 2026, and walk through real case studies from testing engagements. The session introduces practical frameworks for identifying, understanding, and mitigating failure modes in agentic AI systems. Attendees will leave with clear, actionable guidance to help design safer, more resilient AI-driven systems.

🎤 BlueHat Speaker Announcement We’re excited to announce that Dr. Abhilasha Bhargav-Spantzel, Microsoft AI, and Jason Martin (@nsxfreddy), Director, Adversarial Research, Hidden Layer, will be speaking at BlueHat with their session, “From Trusted Agents to Adversaries: Securing Agentic AI in the Age of Prompt Injection.” Using real-world examples, Abhilasha and Jason will discuss how increasingly capable AI agents, with growing autonomy and exploitable motivations, can introduce insider-like security risks within enterprise environments. They’ll share how indirect prompt injection, cross-tool manipulation, and social engineering exploit gaps in agent accountability across identity, intent, and execution boundaries. The session will outline a defense-in-depth approach to securing agentic AI systems, combining prompt isolation, adaptive access control, and behavioral verification. Attendees will better understand how to manage risk and secure AI-driven workflows as autonomous systems play a larger role in both enterprise operations and attack surfaces. #BlueHat

🎤 BlueHat speaker announcement Mario Samolis and Allie Luhrs, Senior Security Analysts, Microsoft, are taking the stage at BlueHat with a deep dive into one of today’s most persistent supply chain threats. Their research analyzes more than 1,300 npm packages tied to DPRK-linked activity, including FAMOUS CHOLLIMA and the Contagious Interview campaign. What stands out is not just the scale, but how structured these operations are: weekday release cycles, repeated payload reuse, and a sophisticated C2 infrastructure that leverages trusted hosting platforms to evade detection. In this session, they’ll share: ➤What this activity looks like over time ➤How to spot patterns others might miss ➤How their attribution model distinguishes malicious from benign packages with a strong margin #BlueHat