You're listening to the Cyberwire Network, powered by N2K.

Hello, everyone, and welcome to the Cyberwire Research Saturday. I'm Dave Bittner,

and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

solving some of the hard problems and protecting ourselves in our rapidly evolving cyberspace.

Thanks for joining us.

PDF engines are something that a lot of companies embed into their applications. And then if you have a vulnerability in one PDF engine, so as a third-party attack, you can compromise lots of companies and customers just by them

integrating those PDF engines inside of their applications.

That's Omer Ninberg, CTO of Novi Security.

The research we're discussing today is titled from PDF to Pone.

So before you all brought AI into this process, what did you all do to manually identify the issues inside of some of these PDF viewers?

What made you think there's something deeper here? This is worth pursuing.

When we start to investigate any application, you don't know if there is a vulnerability or not.

But you always presume that there is.

The mindset of a vulnerability

researcher is there's always another vulnerability. There's still something that nobody else

has found before. And if you keep on digging, you'll find it or find traces that will lead

you to the correct way. We didn't start this whole process because we thought we're going to find thousands of vulnerabilities,

but we wanted to understand what's the limits that we can do with AI.

And then we just started with the first engine, which was a PDF turned by Uprice,

because we found a few of our customers that had that engine.

Well, let's walk through it together.

It can take us through the story of how you all dug into these

...