Itamar Tal

How do you get to the top 1%? Roy Miara, an (OG!) member of the technical staff at @Tenzai_Labs, shares his thoughts on building an AI hacker from scratch that can beat 99% of humans: (Full read 👉 blog.tenzai.com/tenzais-ai-hac…)

Let's go! @PashaGur @itamartal @OfriZiv @ArieZeitlin @anermazursky @NathanPerdue2 💪 finance.yahoo.com/sectors/techno…

Humans simply don't scale. So we created AI hackers that find vulnerabilities created by humans or other AI agents - and we're seeing they're better than humans 99% of the time 🎯 Thanks @NYSE for a riveting conversation with CEO @PashaGur on the sidelines of @OneRSAC.

Who needs a real, genuine, in depth pen test, with results next week? If anyone was hurt by Delve’s operations, we are here to help. Ping me.. We will help.

The Tenzai cofounders have created an AI hacking agent using OpenAI and Anthropic tools. They say AI has become so adept at hacking it might need regulatory controls, urgently. forbes.com/sites/thomasbr…

Just in ⚡️: Most AI security claims are based on demos or bug bounties. We tested ours differently: CTF competitions designed for human hackers. Result: Top 1% 🔝 → better than 125,000+ participants 🤯 Still behind the very best humans. But now: elite offensive capability can run on demand, at scale. Get the findings: blog.tenzai.com/tenzais-ai-hac… Read @Forbes' take: forbes.com/sites/thomasbr…

We evaluated @Tenzai_Labs AI hacker across six major CTF competitions designed for humans. Result: Top 1% performance, outperforming 125,000+ human hackers across different domains - web hacking, ai hacking, low level system hacking. We wanted to see what @Tenzai_Labs's hacking agent is really capable of in the most complicated and competitive environments, where to excel, one needs to solve increasingly difficult challenges. The results we achieved surprised even me. This is incredible evidence of what AI agents with the right harness can do and I expect it to only get better from now. blog.tenzai.com/tenzais-ai-hac…

Claude adds code security. They say, “Security solved.” Meanwhile in prod: ‼️ Enterprise services trust consumer services ‼️ Over-permissive IAM ‼️ Someone forgot to enable the captcha You can read code You can’t read reality Get it: blog.tenzai.com/test-in-prod-o…

.@AnthropicAI: “We improved code security.” Internet: “Security market disrupted.” Market: 🤯 ** Reality: You cannot secure modern applications by reviewing code alone. ** @Tenzai_Labs CTO and cofounder @ArieZeitlin explains: blog.tenzai.com/test-in-prod-o…

What a week for AI! But also: what a week for cracked human hackers! ⚡️ Our community met up - in person (!) - to hear from the rarest of talent, share notes, and try to guess who's who on the CTF leaderboards 🕵️‍♂️ Another @Tenzai_Labs meetup, wrapped. @oridavid123 @OfriZiv @ace__pace

📢 PSA for enterprise security teams: Most pentesters know to check forwarded headers (it’s a classic attack!) but because it’s rarely an issue in real life it always drops off the priority list. Agents, on the other hand, don’t make that tradeoff. They keep grinding the coverage and other metrics. 🏃 Read this real life incident from the Tenzai trenches --> blog.tenzai.com/when-we-alread…

“We already passed the pentest!” - said so.many.people. 😨 Comes up a lot in enterprise environments. Sadly, it's often not enough. We’re kicking off "From the Tenzai Trenches," a series of real-world stories from deploying AI hackers in enterprise environments. This time: an internal app passed a reputable human pentest, and still had a pre-auth critical vulnerability hiding in plain sight 💀 Get all the details 👉 blog.tenzai.com/when-we-alread…

A new day, a new vibe coding release to production. We love to see it 😎 but what about security, you ask? It ain't pretty. 🤯 @CNBC covered the critical security flaws shipped together with vibe-coded software, from popular agents like @AnthropicAI's @claudeai, @Replit, and @OpenAI's Codex: cnbc.com/2026/01/15/ai-… Full research: blog.tenzai.com/bad-vibes-comp…

✳️New @Tenzai_Labs Research✳️ As coding agents and vibe coding go mainstream, one question keeps coming up: how secure is the code these agents actually generate? And more importantly, which agent is the most secure? To find out, @oridavid123 put @Cursor_ai, @OpenAI's Codex, @AnthropicAI's Claude Code, Cognition's @DevinAI and @Replit head-to-head in a test. Each was tasked with building the same applications using a set of identical prompts. We then unleashed Tenzai’s hacking agent on the vibe-coded apps to uncover vulnerabilities and compare which of the agents performed best. The verdict? There are no winners. 👇blog.tenzai.com/bad-vibes-comp…

🚨 NEW RESEARCH 🚨 We tested 5 AI coding agents (@cursor_ai, @claudeai, @OpenAI's Codex, @Replit, and @cognition's @DevinAI), and let them build real apps. Then, we hacked them: 💥 69 vulnerabilities 💥 Broken auth & logic everywhere 💥 Almost zero security controls Conclusion: There is a leaderboard for secure vibe coding; vibe coding ships fast - and ships risk. Dive in: blog.tenzai.com/bad-vibes-comp…

Our research work at @Tenzai_Labs in the news 😎

I've never felt this much behind as a programmer. The profession is being dramatically refactored as the bits contributed by the programmer are increasingly sparse and between. I have a sense that I could be 10X more powerful if I just properly string together what has become available over the last ~year and a failure to claim the boost feels decidedly like skill issue. There's a new programmable layer of abstraction to master (in addition to the usual layers below) involving agents, subagents, their prompts, contexts, memory, modes, permissions, tools, plugins, skills, hooks, MCP, LSP, slash commands, workflows, IDE integrations, and a need to build an all-encompassing mental model for strengths and pitfalls of fundamentally stochastic, fallible, unintelligible and changing entities suddenly intermingled with what used to be good old fashioned engineering. Clearly some powerful alien tool was handed around except it comes with no manual and everyone has to figure out how to hold it and operate it, while the resulting magnitude 9 earthquake is rocking the profession. Roll up your sleeves to not fall behind.

Hey you! If *our manifesto* gets your heart racing and your mind lit up - if you want to build systems that reason, break, and adapt in real time - we want to work with you. We’re hiring engineers + researchers + hackers in 📍 Tel Aviv who care about rigor, ownership, and doing hard things well, with a willingness to question existing assumptions: #joinus" target="_blank" rel="nofollow noopener">tenzai.com/#joinus We're out of stealth and building #AI #hackers in the open, systems that actively explore, reason about, and break real, evolving software. This is deep, hands-on work on complex systems, where #security, AI, and modern software meet.

Software is becoming machine-generated, and the pace keeps accelerating. But the way we test software hasn’t evolved, which means one thing is always sacrificed: security or quality. @Tenzai exists to end that trade-off: a tireless, AI-native hacker that can find vulnerabilities that only 2% of human pentesters can find and do it in hours and not weeks, 24/7. - Stuff Yair Snir and I discussed at @CyberWeekTLV yesterday. #CyberWeek

Eurovision winner Dana International, the competition’s first trans victor has a message for the boycotters: Good evening, the Netherlands, Spain, Ireland, and Slovenia. I have performed in your countries numerous times - on your stages and on television shows. I was always welcomed with warmth and love, and you sang with me "Viva La Diva", connecting to the message I brought with me: a message of equality, acceptance, human dignity, and the basic rights of every person. You know, Israel is the only country in our region that is this liberal. Tel Aviv Pride parade is one of the largest in the world. We are also the Holy Land, the land of the Bible - whose capital, Jerusalem, holds the holiest sites of the three monotheistic religions, and draws people from all around the world to pray. But we are also the land of Tel Aviv, of beaches, of some of the biggest Pride parades in the world, and of epic parties. Beyond that, we’ve been part of the Eurovision Song Contest for many years. We try our best in the competition, and sometimes we even succeed. So, explain to me how and why you have turned against us and announced your withdrawal? You no longer want us singing with you? Do you understand how violent and insulting that decision is? How much it adds only hatred and harm? A large part of the people in Israel do not agree with our government. They want a different government. You don’t punish an entire country because you disagree politically with its government. The unbearable war that went on far too long has ended. It is legitimate to criticize it and to resent how long it lasted. Nevertheless, it must not be forgotten that Israel is a country fighting for its existence, trying to balance security challenges with sanity and liberal values, things that are not well accepted in the region we live in. Hamas executes people for being gay. Almost every Eurovision winner would have been hanged in the town square in Gaza. That doesn’t justify anything, and of course we must fight for peace and reconciliation with all human beings. Announcing a withdrawal from Eurovision harms the very idea of peace, harms Israel, and harms the contest itself. I believe this decision will be reversed, and that we will all celebrate together at Eurovision with this message of equality, love, and acceptance, and with the music that brings people together. Because that is what Eurovision is truly about. Looking forward to hearing your Eurovision song, instead of declarations of boycott.