CyberWire Daily: Research Saturday

Episode: When “safe” documents aren’t

Host: Dave Bittner (N2K Networks)
Guest: Omer Nindberg (CTO, Novi Security)
Date: March 28, 2026

Episode Overview

This episode dives into the hidden dangers lurking within seemingly "safe" documents, exploring vulnerabilities in widely-used PDF engines that can have widespread consequences for enterprises and users. Dave Bittner speaks with Omer Nindberg, CTO of Novi Security, about their research titled From PDF to pwn, which investigates how attackers can exploit PDF viewers embedded in applications, and how AI-driven tools are rapidly changing vulnerability discovery at scale.

Key Discussion Points and Insights

1. The Hidden Risks in Embedded PDF Engines

Attack Surface Expansion: Many companies embed third-party PDF engines within their applications. If one engine is compromised, attackers could potentially access many companies and their user data.
- “PDF engines are something that a lot of companies embed into their applications...you can compromise lots of companies and customers just by them integrating those PDF engines inside of their applications.” — Omer Nindberg (01:30)
Initial Research Motivation: Novi Security’s approach begins with the assumption that vulnerabilities exist and the goal to understand how far AI can push the discovery process.
- “The mindset of a vulnerability researcher is there’s always another vulnerability…if you keep on digging, you’ll find it or find traces that will lead you to the correct way.” — Omer Nindberg (02:25)

2. Anatomy of a PDF Engine Exploit ([03:24])

Technical Dive (PDFTron Case):
- PDFTron, a popular engine, is embedded as an iframe in hosting applications and communicates via postMessage.
- The researchers investigated undocumented UI configuration parameters and discovered that some inputs allow direct JavaScript evaluation.
  - Obfuscated, minified JavaScript complicated their work.
- Exploit achieved by embedding HTML within SVG elements to bypass security filters, ultimately enabling JavaScript execution.
- “...we found a way to execute JavaScript, which was really nice.” — Omer Nindberg (06:44)

3. Scaling Vulnerability Discovery with AI ([06:49])

Manual Discovery vs. Automation:
- Static code is easier to analyze; dynamic single-page applications pose challenges.
- Dynamic code requires runtime analysis and instrumentation to trace data flow and catch vulnerabilities.
- "In dynamic applications...the only place that the actual code flow can be investigated is actually at runtime." — Omer Nindberg (07:07)

4. Embedding Researcher Instincts into AI ([11:55])

Beyond Simple Pattern Matching:
- AI agents trained not only on code, but on replicating expert intuition: prioritizing interesting leads, recognizing common hurdles (like SVG/HTML embedding), and applying proven bypass tricks.
- Training involved exposing agents to thousands of real-world environments to iteratively improve detection.
- "We actually train our agents on those intuitions and we try to navigate their preferred path to paths that actually correlate to finding more vulnerabilities." — Omer Nindberg (11:55)

Memorable Quote:

“When somebody that...knows how to research vulnerabilities and done it for years...they just have instincts of what’s more important than the other things.” — Omer Nindberg (11:55)

5. Specialized AI Agent Roles: The Swarm Approach ([14:49])

Agent Types:
- Tracer: Maps out the attack surface.
- Resolver: Connects sources (inputs) to sinks (dangerous functions) to hypothesize possible exploits.
- Bypass: Focuses on achieving actual exploitation, often requiring coding expertise.
Workflow Mirrors Human Researchers: Specialized agents mimic distinct phases of manual research, optimizing the chances of a successful find and proof.
- "Each different task requires different skills that the agent needs to embed inside itself." — Omer Nindberg (16:49)

6. From “Vibes” to Proof: Genuine Exploit Validation ([17:21])

Critique of Other AI Tools: Most tools only produce probable findings—“vibes”—versus actual, reproducible proofs.
Novi Security’s Aim: Deliver not just a hypothesis, but working exploit code (e.g., a proof-of-concept script, triggering real xss or idor exploits).
- “So the proof that we provide is actually something that you can just take, run, and then you’ll say, ah, yeah, this makes sense. It does exactly what I would expect it to do.” — Omer Nindberg (18:27)

7. The Changing Game for Defenders ([19:04])

Defenders Must Keep Up:
- Attackers are now armed with tools that make previously labor-intensive, niche vulnerability discovery rapid and routine.
- Security teams must employ equivalent tools and strategies to avoid being outpaced.
- "Defenders must move a lot quicker than before because it’s just easier now to automate and scale everything." — Omer Nindberg (20:32)

Memorable Moments & Notable Quotes

On the thrill of discovery:
- “Once we started to dig deep...we found a way to execute JavaScript, which was really nice.” — Omer Nindberg (06:44)
Describing AI agent learning:
- “It’s not a single action, but...an iterative motion that the goal is at the end to find a vulnerability.” — Omer Nindberg (13:40)
On the dangers of not adopting AI-driven defense:
- “If today there is a tool that can find vulnerabilities that yesterday were impossible...and you’re as a defender not using that tool...you’re going to be in trouble.” — Omer Nindberg (19:32)

Timestamps for Key Segments

| Time | Segment/topic | |---------|------------------------------------------------------------| | 01:30 | The risk of PDF engines in enterprise applications | | 03:24 | Walkthrough: exploiting the PDFTron engine | | 06:49 | Challenges of scaling vulnerability discovery with AI | | 11:55 | How elite researcher instincts are embedded in AI agents | | 14:49 | The collaborative AI “swarm” (tracer, resolver, bypass) | | 17:21 | Differentiating “real proof” from “vibes” in AI security | | 19:04 | Defender takeaways and the new urgency for security teams |

Final Takeaways

Embedded document engines, like PDF viewers, dramatically increase the attack surface for all applications utilizing them, especially when misconfigurations or insecure parameters exist.
Attack techniques now blend deep technical know-how with creative use of document formats (SVG/HTML) and runtime analysis.
AI can scale vulnerability discovery, but to be effective, must be trained not just on code, but on the instincts of human expert researchers.
Defensive teams must rapidly adapt, employing similar AI-powered tools to keep ahead of attackers exploiting these new automated, scalable offensive methods.

Guest: Omer Nindberg, CTO, Novi Security
Research Discussed: “From PDF to pwn”
Host: Dave Bittner, N2K CyberWire

CyberWire Daily: Research Saturday

Episode: When “safe” documents aren’t

Host: Dave Bittner (N2K Networks)
Guest: Omer Nindberg (CTO, Novi Security)
Date: March 28, 2026

Episode Overview

Key Discussion Points and Insights

1. The Hidden Risks in Embedded PDF Engines

Attack Surface Expansion: Many companies embed third-party PDF engines within their applications. If one engine is compromised, attackers could potentially access many companies and their user data.
- “PDF engines are something that a lot of companies embed into their applications...you can compromise lots of companies and customers just by them integrating those PDF engines inside of their applications.” — Omer Nindberg (01:30)
Initial Research Motivation: Novi Security’s approach begins with the assumption that vulnerabilities exist and the goal to understand how far AI can push the discovery process.
- “The mindset of a vulnerability researcher is there’s always another vulnerability…if you keep on digging, you’ll find it or find traces that will lead you to the correct way.” — Omer Nindberg (02:25)

2. Anatomy of a PDF Engine Exploit ([03:24])

Technical Dive (PDFTron Case):
- PDFTron, a popular engine, is embedded as an iframe in hosting applications and communicates via postMessage.
- The researchers investigated undocumented UI configuration parameters and discovered that some inputs allow direct JavaScript evaluation.
  - Obfuscated, minified JavaScript complicated their work.
- Exploit achieved by embedding HTML within SVG elements to bypass security filters, ultimately enabling JavaScript execution.
- “...we found a way to execute JavaScript, which was really nice.” — Omer Nindberg (06:44)

3. Scaling Vulnerability Discovery with AI ([06:49])

Manual Discovery vs. Automation:
- Static code is easier to analyze; dynamic single-page applications pose challenges.
- Dynamic code requires runtime analysis and instrumentation to trace data flow and catch vulnerabilities.
- "In dynamic applications...the only place that the actual code flow can be investigated is actually at runtime." — Omer Nindberg (07:07)

4. Embedding Researcher Instincts into AI ([11:55])

Beyond Simple Pattern Matching:
- AI agents trained not only on code, but on replicating expert intuition: prioritizing interesting leads, recognizing common hurdles (like SVG/HTML embedding), and applying proven bypass tricks.
- Training involved exposing agents to thousands of real-world environments to iteratively improve detection.
- "We actually train our agents on those intuitions and we try to navigate their preferred path to paths that actually correlate to finding more vulnerabilities." — Omer Nindberg (11:55)

Memorable Quote:

“When somebody that...knows how to research vulnerabilities and done it for years...they just have instincts of what’s more important than the other things.” — Omer Nindberg (11:55)

5. Specialized AI Agent Roles: The Swarm Approach ([14:49])

Agent Types:
- Tracer: Maps out the attack surface.
- Resolver: Connects sources (inputs) to sinks (dangerous functions) to hypothesize possible exploits.
- Bypass: Focuses on achieving actual exploitation, often requiring coding expertise.
Workflow Mirrors Human Researchers: Specialized agents mimic distinct phases of manual research, optimizing the chances of a successful find and proof.
- "Each different task requires different skills that the agent needs to embed inside itself." — Omer Nindberg (16:49)

6. From “Vibes” to Proof: Genuine Exploit Validation ([17:21])

Critique of Other AI Tools: Most tools only produce probable findings—“vibes”—versus actual, reproducible proofs.
Novi Security’s Aim: Deliver not just a hypothesis, but working exploit code (e.g., a proof-of-concept script, triggering real xss or idor exploits).
- “So the proof that we provide is actually something that you can just take, run, and then you’ll say, ah, yeah, this makes sense. It does exactly what I would expect it to do.” — Omer Nindberg (18:27)

7. The Changing Game for Defenders ([19:04])

Defenders Must Keep Up:
- Attackers are now armed with tools that make previously labor-intensive, niche vulnerability discovery rapid and routine.
- Security teams must employ equivalent tools and strategies to avoid being outpaced.
- "Defenders must move a lot quicker than before because it’s just easier now to automate and scale everything." — Omer Nindberg (20:32)

Memorable Moments & Notable Quotes

On the thrill of discovery:
- “Once we started to dig deep...we found a way to execute JavaScript, which was really nice.” — Omer Nindberg (06:44)
Describing AI agent learning:
- “It’s not a single action, but...an iterative motion that the goal is at the end to find a vulnerability.” — Omer Nindberg (13:40)
On the dangers of not adopting AI-driven defense:
- “If today there is a tool that can find vulnerabilities that yesterday were impossible...and you’re as a defender not using that tool...you’re going to be in trouble.” — Omer Nindberg (19:32)

Timestamps for Key Segments

Final Takeaways

Embedded document engines, like PDF viewers, dramatically increase the attack surface for all applications utilizing them, especially when misconfigurations or insecure parameters exist.
Attack techniques now blend deep technical know-how with creative use of document formats (SVG/HTML) and runtime analysis.
AI can scale vulnerability discovery, but to be effective, must be trained not just on code, but on the instincts of human expert researchers.
Defensive teams must rapidly adapt, employing similar AI-powered tools to keep ahead of attackers exploiting these new automated, scalable offensive methods.

Guest: Omer Nindberg, CTO, Novi Security
Research Discussed: “From PDF to pwn”
Host: Dave Bittner, N2K CyberWire

wavePod

When “safe” documents aren’t. [Research Saturday]

Summary

CyberWire Daily: Research Saturday

Episode: When “safe” documents aren’t

Episode Overview

Key Discussion Points and Insights

1. The Hidden Risks in Embedded PDF Engines

2. Anatomy of a PDF Engine Exploit ([03:24])

3. Scaling Vulnerability Discovery with AI ([06:49])

4. Embedding Researcher Instincts into AI ([11:55])

Memorable Quote:

5. Specialized AI Agent Roles: The Swarm Approach ([14:49])

6. From “Vibes” to Proof: Genuine Exploit Validation ([17:21])

7. The Changing Game for Defenders ([19:04])

Memorable Moments & Notable Quotes

Timestamps for Key Segments

Final Takeaways

Summary

CyberWire Daily: Research Saturday

Episode: When “safe” documents aren’t

Episode Overview

Key Discussion Points and Insights

1. The Hidden Risks in Embedded PDF Engines

2. Anatomy of a PDF Engine Exploit ([03:24])

3. Scaling Vulnerability Discovery with AI ([06:49])

4. Embedding Researcher Instincts into AI ([11:55])

Memorable Quote:

5. Specialized AI Agent Roles: The Swarm Approach ([14:49])

6. From “Vibes” to Proof: Genuine Exploit Validation ([17:21])

7. The Changing Game for Defenders ([19:04])

Memorable Moments & Notable Quotes

Timestamps for Key Segments

Final Takeaways