Ofri Ziv

226 posts

@OfriZiv

Joined July 2016
156 Following, 283 Followers
Ofri Ziv retweeted
𝙿𝚊𝚟𝚎𝚕 𝙶𝚞𝚛𝚟𝚒𝚌𝚑
Who needs a real, genuine, in-depth pen test, with results next week? If anyone was hurt by Delve’s operations, we are here to help. Ping me. We will help.
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
Just in ⚡️: Most AI security claims are based on demos or bug bounties. We tested ours differently: CTF competitions designed for human hackers. Result: Top 1% 🔝 → better than 125,000+ participants 🤯 Still behind the very best humans. But now: elite offensive capability can run on demand, at scale. Get the findings: blog.tenzai.com/tenzais-ai-hac… Read @Forbes' take: forbes.com/sites/thomasbr…
Ofri Ziv retweeted
𝙿𝚊𝚟𝚎𝚕 𝙶𝚞𝚛𝚟𝚒𝚌𝚑
We evaluated @Tenzai_Labs AI hacker across six major CTF competitions designed for humans. Result: Top 1% performance, outperforming 125,000+ human hackers across different domains - web hacking, ai hacking, low level system hacking. We wanted to see what @Tenzai_Labs's hacking agent is really capable of in the most complicated and competitive environments, where to excel, one needs to solve increasingly difficult challenges. The results we achieved surprised even me. This is incredible evidence of what AI agents with the right harness can do and I expect it to only get better from now. blog.tenzai.com/tenzais-ai-hac…
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
Claude adds code security. They say, “Security solved.”
Meanwhile in prod:
‼️ Enterprise services trust consumer services
‼️ Over-permissive IAM
‼️ Someone forgot to enable the captcha
You can read code
You can’t read reality
Get it: blog.tenzai.com/test-in-prod-o…
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
What a week for AI! But also: what a week for cracked human hackers! ⚡️ Our community met up - in person (!) - to hear from the rarest of talent, share notes, and try to guess who's who on the CTF leaderboards 🕵️‍♂️ Another @Tenzai_Labs meetup, wrapped. @oridavid123 @OfriZiv @ace__pace
Ofri Ziv retweeted
𝙿𝚊𝚟𝚎𝚕 𝙶𝚞𝚛𝚟𝚒𝚌𝚑
✳️New @Tenzai_Labs Research✳️ As coding agents and vibe coding go mainstream, one question keeps coming up: how secure is the code these agents actually generate? And more importantly, which agent is the most secure? To find out, @oridavid123 put @Cursor_ai, @OpenAI's Codex, @AnthropicAI's Claude Code, Cognition's @DevinAI and @Replit head-to-head in a test. Each was tasked with building the same applications using a set of identical prompts. We then unleashed Tenzai’s hacking agent on the vibe-coded apps to uncover vulnerabilities and compare which of the agents performed best. The verdict? There are no winners. 👇blog.tenzai.com/bad-vibes-comp…
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
Hey you! If *our manifesto* gets your heart racing and your mind lit up - if you want to build systems that reason, break, and adapt in real time - we want to work with you. We’re hiring engineers + researchers + hackers in 📍 Tel Aviv who care about rigor, ownership, and doing hard things well, with a willingness to question existing assumptions: tenzai.com/#joinus We're out of stealth and building #AI #hackers in the open, systems that actively explore, reason about, and break real, evolving software. This is deep, hands-on work on complex systems, where #security, AI, and modern software meet.
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
The @NYSE floor just got 🔥! A thrill to see @Tenzai_Labs ✳️ lighting up the trading floor, and much gratitude to the team over at the @NYSE for this fun shoutout - a record-breaking seed round is really just the beginning! Let's go AI hackers!
Ofri Ziv retweeted
Tenzai @Tenzai_Labs
First event right out of the gate: meetup with hundreds of hackers from the !BS community, for researchers by researchers. No buzzwords, no sales pitches, zero bullshit. Only fitting we send @ace__pace to the front line to share skepticism (+ enthusiasm!) around agentic hacking🤡
Ofri Ziv retweeted
𝙿𝚊𝚟𝚎𝚕 𝙶𝚞𝚛𝚟𝚒𝚌𝚑
I got into hacking when I was in high school. It was mostly curiosity - understanding how systems are designed, how they’re implemented, what their limitations are, and how to break them. Then, I started working as a pentester. It was both a challenge and a joy (plus I was getting paid for it!). That same curiosity still drives the best pentesters and hackers in the world. They’re incredibly rare - part scientist, part artist - and their craft keeps the digital world honest, finding what’s broken before attackers do. But mastery doesn’t scale. Software today changes by the hour. AI now writes and ships code faster than any human team can test it. That’s why we built @Tenzai_Labs , an AI based hacker for the right side. Our platform uses autonomous, agentic AI to continuously hack, test, exploit, and help fix vulnerabilities across enterprise software, at the speed of AI. Together with my long-time friends and colleagues, plus a bunch of new brilliant minds, we're tackling this head on. There's no bigger privilege than working alongside people with such talent, grit, and determination. Going after such a world-changing problem was an opportunity I just could not resist. So, here I am, back in the startup grind again 🙂 Read our manifesto here - tenzai.com/#manifesto
Ofri Ziv retweeted
Ace Pace @ace__pace
Enterprise applications are complex, obscure, and mostly crap. Legacy code, modern wrappers around legacy… There’s sometimes a mainframe hiding somewhere. Today’s pen tests just scratch the surface
Ofri Ziv retweeted
Chris Wysopal @WeldPond
Over the last 2 yrs LLMs have vastly improved their ability to write syntactically correct code, but they haven’t improved in ability to write code without vulnerabilities which is steady at 45% coding tasks with vulns.
Ofri Ziv retweeted
Akamai Security Intelligence Group @akamai_research
Since 2023, 12 security vulnerabilities were discovered in Kubernetes. 4 of those were identified by our very own @TomerPeled92. Ready for another one? This one is in Log Query and can achieve RCE with SYSTEM privileges on all endpoints in the cluster. akamai.com/blog/security-…
Ofri Ziv retweeted
Akamai Security Intelligence Group @akamai_research
Turns out, sometimes it isn't DNS... it's DHCP 👀 See @oridavid123's research on how DHCP can be used to spoof DNS records- potentially leading to Active Directory compromise. Worst part? No credentials needed, just network access. Full write-up: akamai.com/blog/security-…
Ofri Ziv retweeted
Ophir Harpaz 🎗️ @OphirHarpaz
Our team looked at all CVEs and pointed out some of the critical/interesting ones. We'll update this post as we go on with our research and patch-diffing, so stay tuned.
Quoted post from Akamai Security Intelligence Group @akamai_research:
What you need to know about Patch Tuesday, all in one place. Akamai researchers have analyzed this month's patch and pulled together all the insights: what to focus on and why. akamai.com/blog/security/…
Ofri Ziv retweeted
Hexacon @hexacon_fr
🗿 Exploring ancient ruins to find modern bugs: Discovering a 0-day in MS-RPC service, by Ophir Harpaz (@OphirHarpaz) and Stiv Kupchik (@kupsul)