Nir Ohfeld
@nirohfeld
Head of Vulnerability Research @wiz_io | @Microsoft MVR (2021-2025) | Pwn2Own 2025 | @Forbes 30 Under 30
We found a new container escape affecting all container runtimes using @NVIDIA GPUs. The crazy part? The exploit is just three lines long 🤯 This is the story of #NVIDIAScape 🧵👇

🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered! Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
10k+ players have already joined the Ultimate Cloud Security Championship, and we're just getting started. 💥 🌍 Participants from 20+ countries 🔓 200+ have solved Challenge #1 by @0xdabbad00 Claim your spot → cloudsecuritychampionship.com
🚨THE ULTIMATE CLOUD SECURITY CHAMPIONSHIP begins today! 🥊 12 monthly challenges. One leaderboard. Challenge #1 is LIVE now, created by @0xdabbad00. Think you've got what it takes? → cloudsecuritychampionship.com
Something I’m incredibly proud of is finally live. We've launched the Cloud Security Championship: a 12-month series of deep-dive challenges, each crafted by a different top Wiz researcher. The first challenge is up. Go! cloudsecuritychampionship.com
I'm super proud of the team and what we were able to accomplish together in our first Pwn2Own 🤩
🏆 Wiz Research took 1st place in #Pwn2Own's first-ever AI category, competing against global teams targeting critical AI infrastructure. Huge thanks to our incredible research team! @nirohfeld, @shirtamari, @ronenshh, @benny_isaacs, @sagitz_ & Nir Brakha!
Amazing! Nir Ohfeld (@nirohfeld) Shir Tamari (@shirtamari) of Wiz Research used an External Initialization of Trusted Variables bug to exploit the #NVIDIA Container Toolkit. This unique bug earns them $30,000 and 3 Master of Pwn points.
Double whammy! Nir Ohfeld (@nirohfeld) Shir Tamari (@shirtamari) of Wiz Research kick off their Day 3 with an exploit of the NVIDIA Container Toolkit. They weren't confident, but their exploit hit on the first try. Off to the disclosure room with them. #Pwn2Own
Confirmed! The second full win in the AI category goes to Benny Isaacs (@benny_isaacs), Nir Brakha, Sagi Tzadik (@sagitz_) of Wiz Research as they leveraged a UAF to exploit Redis. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OBerlin
Marvelous! Benny Isaacs, Nir Brakha, Sagi Tzadik (@sagitz_) of Wiz Research successfully popped Redis in the AI category. They head off to see if they are the second full win for AI in #Pwn2Own history. #P2OBerlin
Introducing Multiverse: the first AI-generated multiplayer game. Multiplayer was the missing piece in AI-generated worlds — now it’s here. Players can interact and shape a shared AI-simulated world, in real-time. Training and research cost < $1.5K. Run it on your own PC. We…
🔍IT'S HERE: #ExfilCola, our cloud IR security CTF challenge!🥤 Your mission: - Investigate the cloud environment logs - Research the compromised machines - Secure the files and save the day ⏰ The Cloud Hunting Games are live >> cloudhuntinggames.com
Huge shoutout to @nirohfeld, Head of Vulnerability Research, for making it onto @Forbes 30 Under 30 🎉 From creating CTF challenges to exposing vulnerabilities, Nir is leading the way in cloud security research. Check out some of Nir's work >> wiz.io/authors/nir-oh…
Patches for a batch of critical vulnerabilities in the ingress-nginx controller are available! Make sure you apply these patches!
Ingress-nginx CVE-2025-1974: What You Need to Know - kubernetes.io/blog/2025/03/2… #Kubernetes