FAQ

Frequently asked questions

Quick answers about my work, background, and how to collaborate.

Who is Ariel Koren?

Ariel Koren is a cybersecurity and vulnerability researcher working as a Security Lead focused on cybersecurity innovation and low-level research. His work covers fuzzing, reverse engineering, browser security, AI and agentic security, vulnerability discovery, and secure systems design. He co-founded SNDBOX, an automated malware-analysis platform acquired by OPSWAT in 2021, and discovered vulnerabilities including CVE-2026-48029 in libheif and CVE-2020-1321 in Microsoft Office's 3D parser.

Where is Ariel Koren based?

Ariel Koren is based in Israel and works with teams internationally on cybersecurity research, security advisory, and security architecture.

What does Ariel Koren research?

Ariel Koren researches vulnerabilities in complex software that processes untrusted input, including parsers, file formats, browsers, media libraries, operating-system components, and AI-driven systems. His work combines fuzzing, reverse engineering, exploitability analysis, systems architecture, and evidence-based validation of security findings.

What vulnerabilities has Ariel Koren discovered?

Ariel Koren has discovered and reported vulnerabilities including CVE-2026-48029 in libheif and CVE-2020-1321 in Microsoft Office's shared 3D model parser. His vulnerability research focuses on reproducible findings, validated crash evidence, exploitability analysis, and responsible disclosure.

What is CVE-2026-48029?

CVE-2026-48029 is a libheif vulnerability related to HEIF grid image decoding. Ariel Koren reported bugs in the same libheif grid-decoding path, including a NULL pointer dereference and a release-build heap out-of-bounds read caused by integer underflow in tile arithmetic.

What is CVE-2020-1321?

CVE-2020-1321 is a Microsoft Office Remote Code Execution vulnerability in the shared 3D model parser used by Microsoft Office components. Ariel Koren discovered the vulnerability and later wrote about the grammar-driven fuzzing workflow used to find it.

What is SNDBOX?

SNDBOX was an automated malware-analysis and malware-research platform co-founded by Ariel Koren. OPSWAT acquired SNDBOX in 2021 to integrate its dynamic malware-analysis technology into OPSWAT's malware-analysis and MetaDefender ecosystem.

What is Anvil?

Anvil is Ariel Koren's autonomous vulnerability-research platform for finding and validating memory-safety vulnerabilities in software that processes untrusted input. It uses research agents for codebase mapping, harness writing, fuzzing, crash triage, and validation, while keeping findings tied to reproducible evidence and disclosure status.

What is Ariel Koren's background?

Ariel Koren's background includes malware reverse engineering, penetration testing, kernel and systems internals, fuzzing, vulnerability discovery, browser security, and security product architecture. He presented SNDBOX at Black Hat Europe 2018 Arsenal and has worked across both research-heavy and product-oriented cybersecurity systems.

Has Ariel Koren spoken at security conferences?

Yes. Ariel Koren has spoken at security conferences including Black Hat, where he presented SNDBOX at Black Hat Europe 2018 Arsenal, as well as private, company-internal conferences for organizations he has worked with.

What does Ariel Koren write about?

Ariel Koren writes about vulnerability research, fuzzing workflows, AI-assisted security research, browser and agent security, and secure systems design. His writing often focuses on how to turn one-off security research into repeatable systems with clear evidence, validation, and trust boundaries.

How can teams work with Ariel Koren?

Teams can work with Ariel Koren on vulnerability research, fuzzing strategy, reverse engineering, browser security, AI and agentic security architecture, and security systems design. He is available for consulting, advisory work, and security leadership roles that require deep technical analysis, research-to-system translation, or turning security findings into defensible engineering decisions.

Is Ariel Koren available for consulting or advisory work?

Yes. Ariel Koren is available for consulting and advisory engagements, as well as security leadership roles. Typical work includes vulnerability research, fuzzing strategy, reverse engineering, browser and AI or agentic security architecture, and turning security findings into defensible engineering decisions.