About the author

Yotam Perkal leads Security Research at Pluto Security, where he focuses on securing AI-native development environments and uncovering emerging risks in AI-driven software workflows. With over a decade of experience in cybersecurity, his work sits at the intersection of offensive research, vulnerability management, and software supply chain security.

Previously, Yotam led Threat Research at Zscaler, headed Vulnerability Research at Rezilion, and held multiple roles within the PayPal security organization.

He is an active contributor to cross-industry initiatives focused on AI security, vulnerability management, and software supply chain risk.
