Skip to content
View 1fanya's full-sized avatar

Block or report 1fanya

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
1fanya/README.md

Ivan Mikheev

AI Security Researcher | Offensive Security | Adversarial ML

I research attack surfaces that emerge when AI systems take autonomous actions in the world. Right now I am focused on prompt injection attacks that propagate across multi-agent LLM pipelines — where one model orchestrates others and each agent blindly trusts the previous one.

I do not just study these systems. I run one.


Active Research

Cross-Agent Prompt Injection — Investigating whether a compromised subagent can manipulate a safety-filtered orchestrator into executing restricted actions. Building a reproducible evaluation framework using open-source models and public APIs.


Projects

Project Description
HunterAI Autonomous bug bounty engine — 90+ tools, 8 AI agents, MCP integration with Burp Suite and HackerOne. Production system running on Claude API.
Adversarial ML Evasion Lab FGSM evasion attacks on CICIDS2017 network traffic classifier. Degraded accuracy 30%+. Built input-validation defense layer.
AI Phishing Detection Engine Random Forest classifier on URL entropy, HTTP headers, and page content signals. 95%+ detection accuracy.
TurboScan High-concurrency directory brute-forcer in Go. 3x throughput of ffuf on identical wordlists.

Background

  • Independent security researcher on HackerOne since January 2021
  • Most recent confirmed finding: OAuth 2.0 Missing State Parameter (CVSS 5.4, CWE-352) against a major gaming platform
  • Completed NVIDIA DLI Adversarial Machine Learning — executed RAG prompt injection via semantic misdirection
  • B.S. Cybersecurity Engineering, George Mason University (GPA 3.57, expected May 2027)

Stack

Languages   Python · Go · C · Rust · Bash
Security    Burp Suite · Metasploit · Nmap · ffuf · Nuclei · Claude API
ML          scikit-learn · FGSM · RAG pipelines · multi-agent systems
Platform    Kali Linux · WSL2 · Docker

📫 23mikheev@gmail.com · LinkedIn

Pinned Loading

  1. hunterAI hunterAI Public

    Python

  2. adversarial-ml-evasion-lab adversarial-ml-evasion-lab Public

    Python

  3. cross-agent-injection-research cross-agent-injection-research Public

  4. phishing-detection-engine phishing-detection-engine Public

    Python

  5. vuln-triage-llm vuln-triage-llm Public

    Python

  6. turboscan turboscan Public

    Go