Hacker Summer Camp 2025

August 2-10, 2025

Semgrep will be everywhere during Hacker Summer Camp 2025! We look forward to meeting you onsite to show off our newest features, enjoy spending time with you at our unique events, and make sure you're decked out in the coolest swag.

During our demos, we’ll highlight how Semgrep’s low-noise results and AI guidance across SAST, SCA, and Secrets can help you fix vulnerabilities early, speed up releases, and reduce risk, saving devs up to 30min per finding and cutting AppSec backlogs by 20% overnight.

Interested in a demo of Semgrep’s latest features? Book now!

Request a meeting

Executive Sandbox

Dig This
Aug 5, 2025
RSVP Now!

404: Reality Not Found

Omega Mart
Aug 5, 2025
RSVP Now!

It's All Fun and Games

Level Up
Aug 7, 2025
RSVP Now!

Sub-Zero Social Hour

Minus5º Ice Bar
Aug 7, 2025
RSVP
Schedule

Security Champions Worst Practices, 10 am

Diana Initiative, UNLV Student Union

Join Tanya Janca for a tongue-in-cheek session identifying how things go wrong with security champions programs and how to avoid worst practices.

AI is Writing Code – But Who’s Watching the Machines?, 12:50 pm

The Software Supply Chain Security Summit, Encore

Katie Paxton-Fear joins other industry leaders for a discussion regarding how organizations can establish trust, safety, and accountability in a world where machines are developers.

Inside Risk: Managing the Growing Threat from Within, 9:55 am

Black Hat Financial Services Summit, Oceanside B Mandalay Bay

Tanya Janca and fellow security pros will offer insights on how organizations balance trust and control, implement behavior-based detection, and design programs that integrate insider threat defense with broader security and compliance frameworks.

Executive Sandbox, 4:30 pm - 7:30 pm

Dig This, Las Vegas

Join us for this invitation-only experience that’s uniquely Las Vegas - an adult sandbox. You’ll trade scanning code for building castles with full-size bulldozers and diggers at this exclusive event.

404: Reality Not Found, 6:00 pm - 9:00 pm

Omega Mart

Leave reality at the door as you step through interdimensional portals and explore a brave new world with your new Summer Camp friends at Omega Mart, the wholly unique, immersive Meow Wolf art installation at Area 15.

Tanya Janca Meet and Greet sponsored by Semgrep, 8:00 am - 10:00 am

Starbucks, Mandalay Bay

Drop in with Tanya Janca for a casual coffee chat before the expo hall opens.

Black Hat Business Hall, 10:00 am - 6:00 pm

Mandalay Bay Convention Center, Booth #5221

Visit us for custom live demos and to learn how Semgrep’s low-noise results and AI guidance across SAST, SCA, and Secrets can help you fix vulnerabilities early, speed up releases, and reduce risk.

Semgrep & Palo Alto Networks: Code to Cloud Security, 10:30 am

Mandalay Bay Convention Center, Booth #3240

Hear from Orion Cassetto (Product Marketing @ Palo Alto Networks) and Jack Moxon (Product Manager @ Semgrep) as they share how Semgrep and Palo Alto Networks have joined forces to deliver code to cloud visibility. In this fast-paced session, you'll learn how correlating Semgrep's code findings with runtime and cloud context from Cortex Cloud helps teams prioritize risk, accelerate remediation, and improve their security posture.

Semgrep & Sysdig: From Buildtime to Runtime. Secured All the Time, 11:30 am

Mandalay Bay Convention Center, Booth #5221

Join Jack Moxon (Staff Product Manager, Semgrep) and Eric Carter (Director of Product Marketing, Sysdig) as they share how Semgrep and Sysdig are teaming up to deliver unified code-to-cloud security. You’ll learn how combining Semgrep’s code insights with Sysdig’s runtime context helps teams prioritize and remediate exploitable risks faster across the SDLC. Stop by for this joint 15-minute session to learn how we’re helping teams secure their software from code to cloud.

Tanya Janca Book Signing 12:00 pm - 1:00 pm

Mandalay Bay Convention Center, Booth #5221

Join us at the Semgrep booth for a book signing with Tanya Janca! Meet Tanya and get a signed copy of her new book, Alice & Bob Learn Secure Coding.

Bug Bounty Group Therapy: Confessions, Concerns, and Community Solutions, 1:30 pm

Black Hat Lagoon G, Level 2

Disclosing vulnerabilities is hard, both for the hacker and the organization handling the report, join this panel of hackers and AppSec teams including Semgrep's Dr. Katie Paxton-Fear as they discuss the good, the bad and the legislative side of disclosing and fixing vulnerabilities.

Black Hat Business Hall, 10:00 am - 4:00 pm

Mandalay Bay Convention Center, Booth #5221

Visit us for custom live demos and to learn how Semgrep’s low-noise results and AI guidance across SAST, SCA, and Secrets can help you fix vulnerabilities early, speed up releases, and reduce risk.

Semgrep & Sysdig: From Buildtime to Runtime. Secured All the Time, 11:30 am

Mandalay Bay Convention Center, Booth #5221

Join Jack Moxon (Staff Product Manager, Semgrep) and Eric Carter (Director of Product Marketing, Sysdig) as they share how Semgrep and Sysdig are teaming up to deliver unified code-to-cloud security. You’ll learn how combining Semgrep’s code insights with Sysdig’s runtime context helps teams prioritize and remediate exploitable risks faster across the SDLC. Stop by for this joint 15-minute session to learn how we’re helping teams secure their software from code to cloud.

Semgrep & Palo Alto Networks: Code to Cloud Security, 12:30 pm

Mandalay Bay Convention Center, Booth #5221

Hear from Orion Cassetto (Product Marketing @ Palo Alto Networks) and Jack Moxon (Product Manager @ Semgrep) as they share how Semgrep and Palo Alto Networks have joined forces to deliver code to cloud visibility. In this fast-paced session, you'll learn how correlating Semgrep's code findings with runtime and cloud context from Cortex Cloud helps teams prioritize risk, accelerate remediation, and improve their security posture.

Tanya Janca Book Signing 2:30 - 3:30 pm

Mandalay Bay Convention Center, Booth #5221

Join us at the Semgrep booth for a book signing with Tanya Janca! Meet Tanya and get a signed copy of her new book, Alice & Bob Learn Secure Coding.

Sub-Zero Social Hour, 3:00 - 5:00 pm

minus5 ICEBAR @ Linq Promenade

Whether you’re here to chill with fellow builders, toast to clean code, or just vibe with new friends, this is your mid-week refresh in the heart of the Las Vegas Strip.

It's All Fun and Games at Level Up, 7:00 pm - 10:00 pm

Level Up, MGM Grand

Trade the slide decks and windowless ballrooms for a night of fun and games.

Meet and Greet with Clint Gibler, 1:00 - 2:30 pm

Mandalay Bay Convention Center, Booth #5221

Join us at the Semgrep booth to chat and grab a selfie with Clint Gibler, founder of tl;dr sec and Head of Security Research at Semgrep!

Storytellers: Ethical Hackers in the Digital Spotlight, 1:30 pm

DEF CON Bug Bounty Village

Education in cyber security has often been locked behind certifications or training providers, but more than ever the community is rising to fill this niche ahead of the legacy education providers. In this panel, cyber security content creators including Dr. Katie Paxton-Fear share why they create, how they create, and what it's like to be an e-micro-celebrity.

The AppSec Poverty Line- Minimal Viable Security, 1:40 pm

DEFCON AppSec Village

What is the least amount of security required to put an AppSec on the internet? Join Tanya Janca to find out!

Secure Code Is Critical Infrastructure- Hacking Policy for the Public Good, 3:40 pm

DEF CON Policy Village

Learn about Tanya Janca's multi-year lobbying campaign to improve Canada's code security posture.

Vibe School: Making Dumb Devices Smart with AI, 5:30 pm

DEF CON Creator Stage 4 (IoT Village)

Vibe coding is here and we’ve seen AI create entire web applications from a few sentences, but what about something more low level? Can AI wire circuits? Join Dr. Katie Paxton-Fear to learn more.

Building Better Security Champions: A Hands-On Program Design Workshop, 10:00 am

DEF CON OWASP Room

Build a security champion program in two hours, with Tanya Janca and Stanley Harris.

Meet and Greet with She Hacks Purple and Ray [REDACTED], 12:00 pm

DEF CON OWASP Room

Join Tanya Janca of She Hacks Purple and Ray [REDACTED] for a casual meet and greet hosted by our friends at OWASP.

Blue Team Village: Rob a Bank, 2:00 pm

TBD, DEF CON

Threat modelling is a chore, an important chore but nonetheless a chore, and a chore that burdens security team alone. In this interactive session with Dr. Katie Paxton-Fear we’ll share a fun, Dungeons and Dragons-style experience that will get everyone involved in the threat modeling process (even if they don’t realize it yet)!

Go Hack Yourself: API Hacking for Beginners, 3:00 pm

DEF CON Red Team Village

At this point APIs are old tech, but as they get a second wind thanks to AI and AI agents, they’re back in the spotlight. Join this 2 hour workshop with Dr. Katie Paxton-Fear and learn how to find them, test them and exploit them, with a hands on approach!

DEF CON AppSec Village CTF Winners Announcement, 12:45 pm

DEF CON AppSec Village

Semgrep is a proud sponsor of the DEF CON AppSec Village CTF contest! Join us for the announcement of the big winners.

Tanya Janca Book Signing

Join us at booth 5221 at Black Hat to meet Tanya Janca and get a signed copy of her new book, Alice & Bob Learn Secure Coding!

Tanya will be conducting book signings for an hour on Wednesday and Thursday. Check out the schedule above for exact times!

Let them build.

The best AppSec programs empower their boldest builders to move fast and stay secure.

The AppSec for Builders Manifesto outlines practical, engineer-first principles that help security teams shift from the department of “no” to “go.”

Read the Manifesto

Top 10 Challenge

Get the Guide

Come meet our team

Request a meeting

Discover why top engineering teams trust Semgrep to secure their code early in the development process – without slowing down developer velocity.

During our demos, we’ll highlight how Semgrep’s low-noise results and AI guidance across SAST, SCA, and Secrets can help you fix vulnerabilities early, speed up releases, and reduce risk – saving devs up to 30min per finding, and cutting backlogs by 20% overnight.

Your privacy matters to us. By submitting this form, you agree to our Privacy Policy