👀 Curious about copilots during dev? Tamir Ishay Sharbat thinks making enterprise copilots lie for you isn't all that interesting unless... we are talking about other people's copilots. Learn 15 Easy Ways to Break Microsoft Copilot at the #OWASPSecuritySummit Register now 👉

SSRF in Power Platform – Full Research Live! 🚀 The full write-up of my latest SSRF research in Power Platform is now live on Zenity Labs --> labs.zenity.io/p/the-power-of…!

People being lazy was always the #1 source for security vulns Come on folks, you’re better than that

We're back.

Its nice to see our colleagues at Aim Security joining the party (albeit a bit late) with their EchoLeak blog. Nice work, although the "First Zero-Click AI Vulnerability" was shown at Black Hat 2024 - nearly a year ago. labs.zenity.io/p/links-materi…

0click attack on copilot studio by Tamir Ishay Sharbat you have recon, data harvesting and exfil all packed into one indirect interaction with the victim agent no human in the loop labs.zenity.io/p/a-copilot-st…

Super proud to be part of this research

I’m serious about this, though. LLM agents are (gullible) yes-men deeply integrated behind companies’ auth access. It’s a matter of time before we get a first serious data breach where hackers simply emailed a text file or fill a form convincingly asking agents for confidential

Atlas is definitely vulnerable to Prompt Injection

I am very proud of appearing not once, but TWICE :) in Johann's latest blog post about Antigravity. I urge you to read his blog post and think twice about using Antigravity if security is a concern for you. Below I also share one of my submissions to google's VRP which got