AI Security Researcher

Tomer Wetzler

Bridging adversarial ML, detection engineering, and mechanistic interpretability to secure AI systems. Currently at Zenity, building real-time defense for AI agents.

Publications & Findings

Exploring the boundaries of LLM security through novel attack classes, geometric analysis, and defense mechanisms.

01

Data-Structure Injection (DSI) in LLM Agents

Structured prompts (YML, XML, JSON) collapse next-token predictions, giving attackers control over tool calls, arguments, and agentic workflows.

AI Agents LLM Security Prompt Injection
07

Data-Structure Injection (DSI) in LLM Agents

Structured prompts (YML, XML, JSON) collapse next-token predictions, giving attackers control over tool calls, arguments, and agentic workflows.

AI Agents LLM Security Prompt Injection

Professional Background

From military intelligence to cloud security to AI — building defenses at every layer.

May 2025 — Present

Zenity, Tel Aviv

AI Security Researcher

  • Building a real-time detection platform for defense of AI agents
  • Project lead for anomaly detection mechanism
  • Discovered novel attack class against LLMs (DSI), to be included in OWASP and MITRE ATLAS
  • Discovered self-modeling behavior in Large Language Models
Feb 2024 — May 2025

Microsoft, Tel Aviv

Security Researcher

  • Developed detection algorithms via KQL for cloud attack mitigation
  • Identified and mitigated MFA-based attacks and open-source red team tools against Azure
Jun 2023 — Jan 2024

Illustria, Tel Aviv

Security Engineer

  • Developed a Software Composition Analysis tool for codebase vulnerability scanning
  • Published independent research on Java build process vulnerabilities
Jan 2017 — Sep 2019

Unit 8200, Israeli Military Intelligence

Cyber Threat Hunter Team Leader

  • Analyzed intelligence regarding adversary cyber capabilities
  • Collaborated with malware analysts and security researchers
  • Led a team of analysts

Industry Contributions

Contributing to the frameworks that define how the industry understands AI threats.

MITRE ATLAS Contributor

Recognized contributor to the Adversarial Threat Landscape for Artificial-Intelligence Systems framework.

OWASP Editor

Editor at OWASP best practices for MCP (Model Context Protocol) development.

Responsible Disclosure — Meta

Disclosed vulnerability in Prompt Guard 2 classifier to Meta, classified as informative.

Get in Touch

Interested in AI security research, collaboration, or speaking opportunities? I'd love to hear from you.