Cobalt LogotypeWhite

See you in Vegas

What launches in Vegas doesn't stay in Vegas
Black Hat: August 1st - 6th, 2026
BSides: August 3rd - 5th, 2026
Def Con: August 6th - 9th, 2026

Here's what we're bringing to fabulous Las Vegas:

  • Hear what's new. We're announcing something special at Black Hat. Come to Booth 4903 and be the first to see where PTaaS is headed next.
  • Bring your hardest problem. Our pentesters and security experts are on the ground all week. Tell us what you're up against and we'll tell you how we'd approach it.
  • See the Cobalt platform live. Get a hands-on demonstration of PTaaS and see how Cobalt delivers continuous, on-demand pentesting with elite human expertise behind every test.
  • Schedule now, skip the chaos. Book dedicated time with the team before the week gets away from you.

Meet with Cobalt

Book your time with our team.
Vegas moves fast. Use the form above to schedule dedicated time with Cobalt before your calendar fills up.
Black Hat USA - Booth 4903
Stop by to see what we're launching, meet the researchers behind the work, and get a live look at the Cobalt platform. Our pentesters are on the floor all week.
BSides and DEFCON
We're on the ground all week. If you want to talk about offensive security, AI pentesting, or what we've been building, come find us or book time.
Attend Cobalt Speaker Sessions
Meet the Cobalt team to explore a more programmatic approach to security testing. Powered by a combination of AI and elite human pentesters and informed by over a decade of real-world pentesting intelligence, Cobalt helps organizations continuously identify, validate, and remediate vulnerabilities.

Black Hat USA

AI Session

Aug 6, 2026 | 1:30 PM PDT

Meet the Cobalt team to explore a more programmatic approach to security testing. Powered by a combination of AI and elite human pentesters and informed by over a decade of real-world pentesting intelligence, Cobalt helps organizations continuously identify, validate, and remediate vulnerabilities.
GunterOllmann
Gunter Ollmann
CTO, Cobalt

DEF CON 34

Hacking Big Iron: When Modern Security Assumptions Fail on Mainframes

DATE TBA

Mainframes still underpin critical infrastructure such as banking, airlines, and government systems, yet most modern security teams approach them using assumptions formed around Unix, Windows, and enterprise platforms. These assumptions often fail on z/OS, creating blind spots that are difficult to detect and easy to underestimate.

This talk explains how mainframe security actually works and why familiar concepts such as "root," shells, ports, and lateral movement do not translate cleanly. Focusing on components like JES, JCL, RACF, CICS, and PR/SM, we explore where attackers and defenders truly operate today: transactions, security managers, and management boundaries.
Adam-Toscher-speaker
Adam Toscher
Security Researcher, Cobalt

BLACK HAT USA

MCParasite: Universal MCP Worm Security Testing Framework

Aug 6, 2026 | 11:20 AM PDT

MCParasite takes prompt injection and tool poisoning techniques that already exist and chains them into a self-propagating worm that lives inside MCP. A single rogue server poisons the agent's context the moment it connects.

The agent then writes a payload to whatever channel it has access to: Slack, GitHub, Jira, email. A completely separate agent on a different system reads that message, gets infected, and starts executing commands on its own. Shell access, credential theft, data exfiltration. The victim agent never touched the malicious server. We tested 8 models from 4 vendors. 5 out of 6 propagated the worm. We are actively expanding to DeepSeek and others; the talk will cover full results across all major frontier models.
Utku-Yildirim-speaker
Utku Yildirim
Pentester, Cobalt

DEF CON 34

Deep Dive into Fuzzing (Course)

Aug 10 - 11, 2026 | 8:00 AM - 5:00 PM PDT

Attendees would be emulating techniques which would provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.

Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day software’s have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
Dhiraj-Mishra-speaker
Dhiraj Mishra
Pentester, Cobalt
Zubin-Devnani-speaker
Zubin Devnani
Pentester, Cobalt