When “safe” documents aren’t.
Season 10 · Episode 418

Research Saturday · N2K Networks

March 28, 2026 · 21m 3s

Show Notes

Omer Ninburg, CTO of Novee Security, joins us on this episode of Research Saturday to discuss their work on "From PDF to Pwn: Scalable 0day Discovery in PDF Engines and Services Using Multi-Agent LLMs." Historically, the Portable Document Format (the immutable, localized PDF) was considered a “safe” component inside enterprise environments. That is no longer the case.

To demonstrate how PDF services and engines can be exploited, the team at Novee used their proprietary, multi-agent LLM system to uncover vulnerability patterns, and systematically scale them into a broad discovery campaign across two PDF vendor ecosystems.

The research uncovered 16 verified vulnerabilities across client-side PDF viewers, embedded plugins, and server-side PDF services.


The research and executive brief can be found here:
