About the author

Yotam Perkal leads Security Research at Pluto Security, where he focuses on securing AI-native development environments and uncovering emerging risks in AI-driven software workflows. With over a decade of experience in cybersecurity, his work sits at the intersection of offensive research, vulnerability management, and software supply chain security.

Previously, Yotam led Threat Research at Zscaler, headed Vulnerability Research at Rezilion, and held multiple roles within the PayPal security organization.

He is an active contributor to cross-industry initiatives focused on AI security, vulnerability management, and software supply chain risk.
