Building Open-Source Security Tools
May 1st -2nd, 2026
Application expires in:
For years, African cybersecurity competitions have focused on Capture The Flag (CTF) simulations where teams break into systems to find hidden “flags.” While this builds offensive skills, it leaves the defensive gap wide open.
Africa CyberFest 2026 changes the game. We are retiring the standard CTF to launch the Solutions Hackathon.
This is a 48-hour engineering sprint where cross-functional teams (developers, security researchers, and designers) compete to build Open Source Security Tools that address specific African and global challenges.
Phishing Simulator
Threat Intel
WAF
SIEM
Password Manager
Vulnerability Scanner
Open Track
The Engine is a 48-hour engineering sprint where cross-functional teams compete to build open-source security tools that address real African and global cybersecurity challenges. Unlike traditional Capture The Flag (CTF) competitions that focus on offensive skills, The Engine focuses on building defensive solutions that the community can use long after the event ends.
Participants must be at least 16 years old.
CTFs are excellent for building offensive security skills, but they don't produce lasting artifacts. The Engine shifts focus to creating real, usable security tools that address gaps in the African cybersecurity ecosystem. Every solution built remains open-source, benefiting the entire community.
The Lagos Finals take place on May 1-2, 2026, during Africa CyberFest in Lagos, Nigeria. The virtual sprint begins two weeks earlier on April 17, 2026.
Anyone with skills in software development, security research, or product design. You don't need to be a student, working professionals are welcome. Participants can be from any country, though we encourage African participation.
Teams must have a minimum of 2 and maximum of 3 members. Solo participation is not allowed.
We recommend at least one developer/engineer (mandatory) and one security researcher or practitioner. The third role can be flexible, another developer, a designer, or a product person.
If a selected team member cannot travel (visa issues, emergencies), the remaining members can continue. In extreme cases, teams may present virtually, though this is not preferred.
No. The reference technologies (like Gophish, Wazuh, SafeLine) are suggestions to help you understand the problem space. You can build from scratch, fork an existing open-source project, or use entirely different technologies.
The Open Track allows teams to propose their own security challenge and solution. You must demonstrate clear market need and technical feasibility in your application. Examples include fraud detection for mobile money, compliance automation, or endpoint detection tools.
Yes. For the top 5 teams selected for Lagos, we cover flights (domestic and international if needed) and 2 nights of accommodation.
Meals during the event (May 1-2) are provided.
Depends on your nationality. Check Nigeria's visa requirements early. If you need a visa, inform the organizers immediately after selection so we can provide invitation letters.
Your laptop, chargers, any hardware you need for your demo, and valid ID. We'll provide workspace, power, internet, and meals.
No formal dress code. Wear what's comfortable for a hackathon, you'll be coding and presenting.
When do applications open and close? Applications open on March 15, 2026, and close on April 10, 2026.
What do I need to submit in my application? Your application should include: team name, chosen track, team member details (names, emails, GitHub profiles), a concept pitch describing the problem you’re solving and your proposed approach, and acceptance of the par
