
About

Rony Utevsky
Author
Specializing in agentic AI security, LLM vulnerabilities, and secure code architecture.

$ whoami

Security Research Engineer @ Adversa AI | Software Developer turned Security Researcher

Today, I am a Security Research Engineer at Adversa AI, specializing in agentic AI security, LLM vulnerabilities, and advanced application security. Prior to this transition, I spent years building web applications before I started breaking them. This shift wasn’t just a career movement; it was a deep-dive into the fundamental ways systems fail at the architectural level. I don’t just find bugs; I investigate the logic that allowed them to exist.

The Developer’s Edge

Most security research identifies what is broken. Because of my engineering background, I focus on the “Developer’s Blind Spot”—the space between a feature’s intent and its actual implementation.

  • Developer Intuition: I can “smell” vulnerable patterns in code—like unsafe ORM usage or weak middleware logic—because I’ve been in the trenches building them.
  • Impact-Driven Research: I actively hunt for vulnerabilities in open-source projects and enterprise platforms, focusing on impactful, responsible disclosure.
  • Practical Patches: For critical research, such as my work on CVE-assigned vulnerabilities, I work alongside maintainers to provide the specific code patches required to fix the root cause.

The Journey: Curiosity as a Constant

My path into security wasn’t academic—it was adversarial. It started in my teens, finding creative ways to identify flaws in local administrative and educational systems. Even then, my focus was on the report: identifying a bypass and ensuring the vulnerability was understood and closed.

This drive continued during my service in an elite intelligence unit (8200). While my primary role was in translation, I spent my free time exploring the organization’s own internal systems. I identified and reported multiple security gaps, turning a personal curiosity into a contribution to the unit’s defensive posture. Today, I’ve traded unofficial exploration for a professional commitment to securing the digital frontier—from modern web ecosystems to frontier AI architectures.

Research Focus

  • Agentic AI & LLM Security: Exposing critical vulnerabilities in AI coding agents and frontier models, including project-scoped trust bypasses (such as TrustFall and SymJack), cryptographic payload injections, and reasoning-trace hijacking.
  • Logic Exploitation & Sandboxing: Breaking down proprietary APIs, developer tools, and sandboxed systems to uncover architectural flaws that traditional static analysis tools miss.
  • Web & Supply Chain Security: Hardening open-source software, identifying DOM-based XSS, and uncovering advanced business logic vulnerabilities in modern applications.

“The best builders make the best breakers.”

Connect with me on LinkedIn