Natan Nehorai
JFrog Application Security ResearcherNatan is based in Leshem, Israel, and is currently a security researcher for JFrog. Prior to that he was a Penetration Tester for Accenture, bringing experience from previous roles as a Penetration Tester in the Intelligence Corps of the IDF. He also owns GIAC and OffSec certificates, in the fields of application security, source code review, and mobile forensics. When he’s not researching new vulnerabilities, Natan enjoys spending time with family, reading and drawing.
The Latest From Natan Nehorai
-
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
| 26 min readNOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational…
Read More -
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
| 12 min readIn the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library - which offers a text-to-SQL interface for users - where we discovered CVE-2024-5565, a…
Read More -
Analyzing common vulnerabilities introduced by Code-Generative AI
| 15 min readArtificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs,…
Read More