Natan Nehorai, JFrog Security Researcher

JFrog Application Security Researcher

Natan is based in Leshem, Israel, and is currently a security researcher for JFrog. Prior to that he was a Penetration Tester for Accenture, bringing experience from previous roles as a Penetration Tester in the Intelligence Corps of the IDF. He also holds GIAC and OffSec certifications in the fields of application security, source code review, and mobile forensics. When he’s not researching new vulnerabilities, Natan enjoys spending time with family, reading, and drawing.

The Latest From Natan Nehorai

  • Machine Learning Bug Bonanza – Exploiting ML Services

    | 18 min read

    JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…

  • From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

    | 26 min read

    NOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational…

  • When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

    | 12 min read

    In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library - which offers a text-to-SQL interface for users - where we discovered CVE-2024-5565, a…

  • Analyzing common vulnerabilities introduced by Code-Generative AI

    | 15 min read

    Artificial Intelligence tools such as Bard, ChatGPT, and Bing Chat are the current big names in the Large Language Model (LLM) category which is on the rise. LLMs are trained on vast data sets to be able to communicate by using everyday human language as a chat prompt. Given the flexibility and potential of LLMs,…
