YellowHat 2026 has officially wrapped up, marking a phenomenal start to the year! On January 13th, the global Microsoft Security community united—both on the ground in The Netherlands and via a massive global livestream—for a day dedicated exclusively to deep-dive, level 400+ technical content. Building on last year's massive success, the 2026 edition solidified YellowHat as the premier event "by the Microsoft Security community, for the Microsoft Security community."
By Guest Blogger: Marteen Goet
Level 400+ content: no fluff, just tech
With 250 attendees in person and thousands more tuning in worldwide, we explored the absolute cutting edge of Microsoft Sentinel, Microsoft Defender, Microsoft Purview, and Microsoft Entra. True to the mission, YellowHat skipped the basics to tackle the most advanced challenges in cybersecurity head-on.
YellowHat swagThe agenda was packed with 8+ hours of expert sessions designed to arm defenders with actionable knowledge, including:
"The Future of AI for Security": The Microsoft Security CTO Office kicked off the event by examining how GenAI is transforming the modern SOC.
- "Inside MDE Telemetry": A unique collaboration between Security MVP Olaf Hartong and Microsoft's Saar Cohen, giving a rare look "under the hood" of Microsoft Defender for Endpoint’s data collection.
- "The Rise of Agentic Defense": Microsoft's Corina Feuerstein explored the critical future of automated defense as AI reshapes the landscape.
- "AiTM in the Wild": Speakers shared two years of real-world monitoring data on Adversary-in-the-Middle attacks, revealing rare insights into attacker tradecraft.
The thrill of the hunt: Capture the Flag
Created by Security MVP Mehmet Ergene, this year's CTF put participants directly in the shoes of threat hunters and incident responders. The challenge tested their ability to investigate logs, expose kill chains, and hunt for TTPs across a realistic data cluster—all while mastering Microsoft Defender and KQL. A massive salute to the top Ninjacats:
- 🥇 1st Place: The KQLinators (Otto van Wieringen & Niek van Gastel).
- 🥈 2nd Place: The Collective Consulting.
- 🥉 3rd Place: Petter Sandholdt (secimit).
Want to see if AI could solve the CTF? Check out the write-up by Security MVP Nicola Suter on using Microsoft Fabric Real-Time Intelligence (RTI) during the event.
Community powered protection
YellowHat 2026 speakers.Just as construction workers wear yellow hard hats for safety, YellowHat attendees wear theirs to symbolize their vital role as defenders. They come together to build and protect their enterprises.
This incredible event was powered by a lineup of dedicated community leaders, including Maarten Goet (MVP an RD), Jeroen Niesen (MVP), Koos Goossens (MVP), Fabian Bader (MVP), Myron Helgering (MVP), Olaf Hartong (MVP), Rhesa Baar (Microsoft), and Tom Rolvers.
What’s next?
YellowHat 2026 was bigger and bolder than ever, but we are just getting started. The team is already looking toward Yellow Hat 2027 with plans to expand our global reach and continue delivering the deep technical content you crave!
Microsoft