AI Security Researcher | Offensive Security | Adversarial ML
I research attack surfaces that emerge when AI systems take autonomous actions in the world. Right now I am focused on prompt injection attacks that propagate across multi-agent LLM pipelines — where one model orchestrates others and each agent blindly trusts the previous one.
I do not just study these systems. I run one.
Cross-Agent Prompt Injection — Investigating whether a compromised subagent can manipulate a safety-filtered orchestrator into executing restricted actions. Building a reproducible evaluation framework using open-source models and public APIs.
| Project | Description |
|---|---|
| HunterAI | Autonomous bug bounty engine — 90+ tools, 8 AI agents, MCP integration with Burp Suite and HackerOne. Production system running on Claude API. |
| Adversarial ML Evasion Lab | FGSM evasion attacks on CICIDS2017 network traffic classifier. Degraded accuracy 30%+. Built input-validation defense layer. |
| AI Phishing Detection Engine | Random Forest classifier on URL entropy, HTTP headers, and page content signals. 95%+ detection accuracy. |
| TurboScan | High-concurrency directory brute-forcer in Go. 3x throughput of ffuf on identical wordlists. |
- Independent security researcher on HackerOne since January 2021
- Most recent confirmed finding: OAuth 2.0 Missing State Parameter (CVSS 5.4, CWE-352) against a major gaming platform
- Completed NVIDIA DLI Adversarial Machine Learning — executed RAG prompt injection via semantic misdirection
- B.S. Cybersecurity Engineering, George Mason University (GPA 3.57, expected May 2027)
Languages Python · Go · C · Rust · Bash
Security Burp Suite · Metasploit · Nmap · ffuf · Nuclei · Claude API
ML scikit-learn · FGSM · RAG pipelines · multi-agent systems
Platform Kali Linux · WSL2 · Docker

