The second day of Black Hat MEA in Riyadh saw thousands of cybersecurity specialists, founders, and CISOs gather to dissect a threat horizon that is shifting by the minute. The event, which has become a focal point for the global security community, moved beyond theory into high-pressure intelligence sharing, live simulations, and the world’s largest Capture the Flag (CTF) competition.
Discussions across the Executive Summit and Briefing stages centered on the realities shaping 2026: the rapid expansion of attack surfaces, the influence of AI on decision cycles, and the fragility of supply chains.
AI as critical infrastructure
A recurring theme was the pivotal role of artificial intelligence in both defense and attack. Anne Marie Zettlemoyer of the National Security Institute delivered a stark assessment of the landscape.
“The systems we defend and the speed at which we defend them have changed more in the past couple of years than in the previous twenty,” she said, emphasising that AI has transitioned from an emerging idea to “our next critical infrastructure.”
Zettlemoyer challenged the attendees to lead the way in defining responsible AI security. “Black Hat is not just a conference, it is a gathering of the most capable strategic and powerful minds anywhere in the world. If anyone can define responsible AI security, it is this community.”
Leadership in a digital tsunami
Charles Forte, director general and CIO at the UK Ministry of Defence, used a ‘Surfing the Digital Tsunami’ analogy to describe the challenge of leadership when threats outpace mapping capabilities. He outlined three priorities for an organised response: disciplined processes, new investment in AI-era defence, and rigorous scrutiny of supply chains equal to that of internal systems.
The conversation also turned to the evolving role of the CISO. Derek Cheng, CISO at Deliveroo, led a session on the ‘CISO Maturity Model’, exploring how security leaders can transition from technical operators to high-impact decision-makers who shape risk agendas at the board level.
Simulating maritime threats
One of the day’s most compelling practical demonstrations was the Ship Spoofing simulation. Participants witnessed how modern vessel navigation systems can be manipulated by corrupted data streams. The simulation showed ships veering off course in real-time as spoofed coordinates rewrote their route logic, exposing the vulnerability of the maritime transport sector to increasingly precise attacks.
Steve Durning, portfolio director of Black Hat MEA at Tahaluf, commented: “The simulations, competitions and hands-on environments are where theory gets pressure-tested and where teams discover what actually holds up against real attacks. Riyadh is proving that when you put this level of capability in one place, progress accelerates fast.”
The world’s largest CTF
At the heart of the event was the Capture the Flag (CTF) competition, where thousands of specialists engaged in a three-day jeopardy-style tournament. Testing skills across web, forensics, reverse engineering, and cryptography, the competition remains open until the finale, with every remaining challenge a potential game-changer.
Running in parallel, the Bug Bounty Cup saw elite hunters drilling into live targets to surface critical vulnerabilities, pushing the boundaries of ethical hacking.
Annabelle Mander, executive vice president of Tahaluf, added: “Day two showed how quickly this community moves when the pressure is real. The conversations here are not theory. They are decisions that shape national resilience and global security. Riyadh has become a place where IT leaders compare notes, challenge assumptions and build capability with clarity and intent.”