About
I find vulnerabilities in AI systems before they reach production.
My work targets coding agents, agentic pipelines, and LLM-powered developer tooling, focusing on bugs with real impact: credential theft, persistent compromise, and safety-policy bypasses.
Focus
Recent work has covered indirect prompt injection in AI coding agents, invisible Unicode injection via git commit metadata, and DNS-controlled payload delivery through package manager lifecycle hooks.
Recognition
Top ranked on the 0din.ai global leaderboard in both quality and quantity categories. All research is conducted against attacker-controlled test infrastructure only.