Liran Tal

👋 Hi there, I'm Liran Tal

AI Security Researcher, Node.js Security Expert and Developer Advocate

Liran Tal researches AI security with a focus on hardening agentic developer workflows and the Model Context Protocol (MCP). In recent years, Liran has uncovered and responsibly disclosed CVEs in MCP servers, AI frameworks, and open-source libraries, publishing practical write-ups that show how issues like command injection, path traversal, and SQL read-only bypasses emerge in real systems and how to mitigate them. His work also extends to open-source projects that audit and document supply chain security, to showing how tool poisoning in MCP tool metadata can steer agents toward unsafe actions, and to concrete guardrails for build pipelines, IDE assistants, and CI that keep AI-generated code from introducing vulnerabilities.

Beyond AI, Liran is a longstanding Node.js developer and secure-coding advocate. He has authored books on Node.js security, contributed to the Node.js Security Working Group, and led community education through OWASP initiatives and the OpenSSF Secure Coding Labs. He is recognized as a GitHub Star and received the OpenJS Foundation JavaScriptLandia "Pathfinder for Security" award. Today, he leads Developer Relations at Snyk, where he turns research into approachable education: frameworks, demos, policies, and tooling that teams can adopt to use LLMs and agentic systems safely and to ship secure code to production.

Friends share feedback

Testimonials from social media

  • Luciano Mammino
    Author of Node.js Design Patterns

    FANTASTIC WORKSHOP! Learned a ton! Thanks a lot 🙏

  • Caleb Queern
    DevSecOps at KPMG Cyber Security

    👀 Wow what great work from @HTTPArchive on the 2022 Web Almanac's Security chapter! Nice job @_clarkio, @liran_tal, @Saptak013 https://almanac.httparchive.org/en/2022/security Lots of detailed analysis of progress and opportunities to better secure the web

  • Jim Manico
    OWASP Leader

    What an honor. Thank you Liran. Some people talk about AppSec (me) and some people really dig in and do the work (you). I’m a big fan. 🤙🏻

  • Rob Whittaker
    Director of Software Development

    This is an excellent little article by @liran_tal on installing Ruby on macOS for local development. There are plenty of options available to you. (I prefer `asdf`.) The most important thing is not to use the system Ruby.

  • Jose Aguinaga
    Head of Engineering at @hoprnet

    This is one of the best guides I've seen on this topic, really cool stuff. Definitely going to take a look at @snyksec's @github action to add it in our @hoprnet project.

  • Dev Sharma
    Software Developer

    This has become my primary source for learning docker with node. Thanks for sharing these 💝

  • Fernando Carrascosa
    Tech Lead

    After being in a workshop by @liran_tal and realizing that RegExps can be exploited fairly easily, I decided to use a validation library. I even contributed to the @DefinitelyTyped definition of it :D

  • Jan Demel
    Software Developer

    Just watched @liran_tal's talk about path traversal vulnerability @NodeConfEU. It was absolutely amazing! I was always into security issues and learning things from such an expert was an honor!

From the blog