We find where systems place trust and prove when they shouldn't — across AI platforms, cloud infrastructure, web applications, and the humans who operate them. Open frameworks for adversarial-AI red teaming. Systematic vulnerability research from application layer to kernel. Social engineering for the human layer.
SnailSploit started from one conviction: the same attack works on a human and a machine — you just change the substrate. The manipulation, misdirection, and misplaced trust that break people break language models too. We call the machine version inherited vulnerabilities: failure modes the models learned from us.
None of us took the conventional path. Kai came out of political science and psychology — he studied how humans are manipulated, then watched LLMs fall for the very same techniques, and publishes that work under the byline “The Jailbreak Chef.” Avraham and Sahar are childhood friends — teen hackers who built and sold their first SaaS at 16, enough to buy their first car. Avraham went deep into web and application security and SSDLC; Sahar became the most hands-on operator of the three, hunting wherever an assumption hides — Kubernetes, MongoDB internals, Windows protocol handlers, cloud tenancy boundaries, AI guardrails. All three are self-taught. Kai met Avraham and Sahar through an earlier role, the three clicked, and we never stopped researching. SnailSploit made it official.
The method is not tool-driven. We find the underlying principle that makes an entire class of vulnerabilities possible, then prove it reproduces across targets, implementations, and substrates. Avraham’s software-building background anchors it — SSDLC is native to him, so he knows where in the lifecycle each bug should have been caught. AATMF, SEF, and P.R.O.M.P.T are how we formalize the method; publishing them openly is how we keep ourselves honest.
The work speaks in numbers. 69 published CVEs across Kubernetes, Apache, the OSS supply chain, the WordPress ecosystem, and the Linux kernel — five of them merged as mainline kernel patches. Named acknowledgments from Apple, IBM, Palo Alto Networks, Red Hat, Broadcom, Apache, and Israel’s National Cyber Directorate. A book — Adversarial Minds — and bylines in Hakin9 and Dark Reading.
Each of us is a piece of the same puzzle; none of the pieces is optional. We coordinate every disclosure with the maintainer first, publish the frameworks for free, and take on only a small number of high-trust engagements. We don’t do volume. We do the work that needs doing.
Background in political science and psychology. Self-taught into offensive security. Creator of AATMF, SEF, and P.R.O.M.P.T. Author of Adversarial Minds. Publishes solo adversarial-AI research under the byline "The Jailbreak Chef." Hakin9 contributing author. MITRE/NVD contributor. Linux kernel mainline contributor.
The thesis — that adversarial psychology operates the same way against carbon and silicon — came from studying how humans are manipulated, then watching LLMs fall for the same techniques.
Self-taught developer who, with his childhood friend Sahar, shipped their first SaaS at 16. Transitioned from product engineering to penetration testing to vulnerability research — the progression was inevitable. 28 CVEs through systematic WordPress ecosystem research. VDPs ranging from cable provider paywall bypasses to application-layer logic flaws.
Avraham sets the principle-based mindset that defines how SnailSploit researches. Deep SSDLC expertise — he doesn't just find the vulnerability, he knows where in the development lifecycle it should have been caught.
Offensive security engineer. Started in defense — senior SOC analyst at TrustNet, malware analyst training at TrainSec academy — then crossed over to offense and never looked back. Acknowledged by Apple, IBM, Palo Alto Networks, Red Hat, Broadcom, Apache, and the Israel National Cyber Directorate. Featured speaker at AWS Gen AI Loft Tel Aviv. Provided the foundational offensive checklists behind Claude-Red.
Sahar doesn't specialize. He hunts wherever the assumption is — Kubernetes, MongoDB internals, Windows protocol handlers, cloud tenancy boundaries, AI guardrails. The bug is always the same bug: somebody believed something about their code that isn't true. If you ask me and Avraham, he's the most dangerous hacker we know.
Coordinated disclosure, always. Every CVE and advisory goes through the maintainer first. No public 0-days for clout.
Open frameworks. AATMF, SEF, and P.R.O.M.P.T are CC BY-SA. The toolkit is Apache 2.0.
No volume engagements. Small in number, high in trust.
No security theater. Findings are operational or they don't ship. Every vulnerability traces to an underlying principle — why it exists, not just that it does.
Independent. No corporate parent. No platform incentives.
The work is the product. We'd rather publish one piece that lands than ten that don't.