Dor Tumarkin
@dortumarkin.bsky.social
Security Researcher, gamer, massive dork with big loud opinions about many many things. I hate my government more than you do.
Hot take: most GenAI solutions are taking data you had and piping it to some major LLM for analysis, and getting back a mixed bag of ok & terrible results. Instead of working, you work harder to validate LLMs (and pay for it). It's another layer of chaos, mislabeling and noise to struggle through.
October 30, 2025 at 1:36 PM
Hot take: most GenAI solutions are taking data you had and piping it to some major LLM for analysis, and getting back a mixed bag of ok & terrible results. Instead of working, you work harder to validate LLMs (and pay for it). It's another layer of chaos, mislabeling and noise to struggle through.
Ori Ron and I found a cool way to attack the HITL, by convincing it to inject content and markup right after commands. Anyone would press Yes if the attackers control the question.
Using AI agents or coding assistants? You might have a LITL problem.
“Lies in the loop” can bypass defenses that rely on a human-in-the-loop check.
Learn more: buff.ly/whnCtFv 🧵1/4
#CheckmarxZero #AppSec #AI #AISecurity #MachineLearning #AIagents #SecureCoding
“Lies in the loop” can bypass defenses that rely on a human-in-the-loop check.
Learn more: buff.ly/whnCtFv 🧵1/4
#CheckmarxZero #AppSec #AI #AISecurity #MachineLearning #AIagents #SecureCoding
Bypassing AI Agent Defenses With Lies-In-The-Loop - Checkmarx
Lies-in-the-loop is a new attack that bypasses AI agent's "human-in-the-loop" defenses to run malicious code on user machines. Learn what it does and how we uncovered it.
checkmarx.com
September 15, 2025 at 2:49 PM
Ori Ron and I found a cool way to attack the HITL, by convincing it to inject content and markup right after commands. Anyone would press Yes if the attackers control the question.
So this might be a stupid question but - if #LLMs that feed themselves ruin their own datasets, wouldn't inbreeding of a several LLMs feeding one another also inevitably result in the same? Wouldn't an LLM-heavy internet inevitably still become a sort of inbred LLM amalgamation meta-model/dataset?
September 11, 2025 at 7:45 AM
So this might be a stupid question but - if #LLMs that feed themselves ruin their own datasets, wouldn't inbreeding of a several LLMs feeding one another also inevitably result in the same? Wouldn't an LLM-heavy internet inevitably still become a sort of inbred LLM amalgamation meta-model/dataset?
We did a thing with Claude Code checkmarx.com/zero-post/by...
It's very cool, but using it to gate automated security code reviews is very, very dangerous
It's very cool, but using it to gate automated security code reviews is very, very dangerous
Bypassing Claude Code: How Easy Is It to Trick an AI Security Reviewer? - Checkmarx
AI Security Reviewer can easily be tricked into ignoring real vulnerabilities or malicious code. Use case Claude Code
checkmarx.com
September 8, 2025 at 8:10 AM
We did a thing with Claude Code checkmarx.com/zero-post/by...
It's very cool, but using it to gate automated security code reviews is very, very dangerous
It's very cool, but using it to gate automated security code reviews is very, very dangerous
Reposted by Dor Tumarkin
Want to see a free, #OpenSource, developer-friendly tool for preventing secrets leaks? Checkmarx Zero's Tal Folkman will be on-site BlackHat #Arsenal (#BHUSA) to demo Too Many Secrets (2MS), available from buff.ly/Yng76l5
Mark your calendar! 2pm (local time) on 6th August, at Arsenal Station 5
Mark your calendar! 2pm (local time) on 6th August, at Arsenal Station 5
July 31, 2025 at 2:13 PM
Want to see a free, #OpenSource, developer-friendly tool for preventing secrets leaks? Checkmarx Zero's Tal Folkman will be on-site BlackHat #Arsenal (#BHUSA) to demo Too Many Secrets (2MS), available from buff.ly/Yng76l5
Mark your calendar! 2pm (local time) on 6th August, at Arsenal Station 5
Mark your calendar! 2pm (local time) on 6th August, at Arsenal Station 5
#CVE-2025-6514 being 9.6 is a bit bullshit. It's kinda cool, but I'm sorry - if you connect with #MCP, a protocol for running code, to an untrusted MCP server, and it runs code - it's a footgun, not an RCE. The exploit itself is very interesting though.
July 14, 2025 at 7:33 AM
#CVE-2025-6514 being 9.6 is a bit bullshit. It's kinda cool, but I'm sorry - if you connect with #MCP, a protocol for running code, to an untrusted MCP server, and it runs code - it's a footgun, not an RCE. The exploit itself is very interesting though.
My condolences to the United States for having lost the Cold War.
March 4, 2025 at 4:44 AM
My condolences to the United States for having lost the Cold War.
And finally part 4 of 4 of my @hf.co security research - bypassing poorly designed model scanners multiple times to smuggle malicious code because the detection mechanism pattern rhymes with "chitty glocklist" 🤷🏼
checkmarx.com/blog/free-hu...
#appsec
checkmarx.com/blog/free-hu...
#appsec
“Free Hugs” – What to be Wary of in Hugging Face – Part 4
Part 4 and of the blog series explores the cyber security risk in the ecosystem of Hugging, the open-source platform that hosts GenAI models.
checkmarx.com
December 6, 2024 at 3:40 PM
And finally part 4 of 4 of my @hf.co security research - bypassing poorly designed model scanners multiple times to smuggle malicious code because the detection mechanism pattern rhymes with "chitty glocklist" 🤷🏼
checkmarx.com/blog/free-hu...
#appsec
checkmarx.com/blog/free-hu...
#appsec
Part 3 of 4 of the Hugging Face security research - so many model-loading HF integrated libs are vulnerable to code execution, but it's all an open secret that no one will fix
checkmarx.com/blog/free-hu...
checkmarx.com/blog/free-hu...
“Free Hugs” – What to be Wary of in Hugging Face – Part 3
Part3 of the blog series explores the cyber security risk in the ecosystem of Hugging, the open-source platform that hosts GenAI models.
checkmarx.com
December 6, 2024 at 3:37 PM
Part 3 of 4 of the Hugging Face security research - so many model-loading HF integrated libs are vulnerable to code execution, but it's all an open secret that no one will fix
checkmarx.com/blog/free-hu...
checkmarx.com/blog/free-hu...
Aaaand here's part 2 of my horrible Hugging Face blog, it's a deeper dive into code execution in protocols used by open source LLM frameworks
checkmarx.com/blog/free-hu...
checkmarx.com/blog/free-hu...
“Free Hugs” – What to be Wary of in Hugging Face – Part 2
Part 2 of the blog series explores the cyber security risk in the ecosystem of Hugging, the open-source platform that hosts GenAI models.
checkmarx.com
November 21, 2024 at 4:40 PM
Aaaand here's part 2 of my horrible Hugging Face blog, it's a deeper dive into code execution in protocols used by open source LLM frameworks
checkmarx.com/blog/free-hu...
checkmarx.com/blog/free-hu...
So I found a ton of interesting crap on Hugging Face, some of it known and some of it less so. Started a 4 part blog about it.
Here's part 1, about configuration and excessive trust in ReadMe files
checkmarx.com/blog/free-hu...
Here's part 1, about configuration and excessive trust in ReadMe files
checkmarx.com/blog/free-hu...
“Free Hugs” – What To Be Wary of in Hugging Face – Part 1
This blog series explores the cyber security risk in the ecosystem of Hugging, the open-source platform that hosts GenAI models.
checkmarx.com
November 21, 2024 at 4:38 PM
So I found a ton of interesting crap on Hugging Face, some of it known and some of it less so. Started a 4 part blog about it.
Here's part 1, about configuration and excessive trust in ReadMe files
checkmarx.com/blog/free-hu...
Here's part 1, about configuration and excessive trust in ReadMe files
checkmarx.com/blog/free-hu...
How fortunate, I closed my Twitter account two weeks ago and hey what do we have here? Hope this one catches, Apartheid Karen can eat ass.
November 17, 2024 at 6:52 AM
How fortunate, I closed my Twitter account two weeks ago and hey what do we have here? Hope this one catches, Apartheid Karen can eat ass.