The adoption of open-source AI software introduces a new family of vulnerabilities to organizations. Some AI components, such as model serving, include Remote Code Execution (RCE) by design, for example when loading pre-trained models from external sources. Traditional SCA and SAST approaches are not built for the AI ecosystem, leaving a huge and insecure attack surface. The irony is that in the AI ecosystem, security issues such as remote code execution are actually a feature and not a bug, often specified explicitly in the docs, which most devs don’t read. AI models are often downloaded from...
Gal Elbaz
![Gal Elbaz](https://aiconusa.techwell.com/sites/default/files/styles/simplecrop_full_size/public/webform/speaker-submission/gae.jpg?itok=OBY2hyqA&sc=8f517cd0401de8a2fdaca03b3c6109a9)
Gal Elbaz is Co-founder & CTO at Oligo Security, specializing in AI and application security, with over 10 years of experience in vulnerability research and practical hacking. His work focuses on securing AI systems, software supply chains, and runtime environments against emerging threats. Prior to founding Oligo Security, he served as a Security Researcher at Check Point and gained extensive expertise in cyber operations and intelligence during his tenure with the IDF Intelligence Corps. Gal is passionate about staying ahead of attackers by innovating in areas like AI-based threat detection and defense. In his free time, he enjoys competing in Capture The Flag (CTF) challenges, exploring evolving AI vulnerabilities, and mentoring the next generation of security experts.