Artificial intelligence systems are now embedded in business-critical infrastructure across every sector — and they introduce attack vectors that conventional security frameworks were never designed to address. I specialize in the precise intersection of offensive security methodology and machine learning systems research. This allows me to evaluate AI deployments with the rigor of a penetration tester and the depth of an ML researcher simultaneously. The scope spans the full AI pipeline: from the security of training data and model supply chains through to inference-time attacks against deployed systems. I assess large language models for prompt injection and jailbreak vectors, evaluate retrieval-augmented generation architectures for data leakage through retrieval, test classification and detection models against adversarial examples, and audit AI governance frameworks against emerging regulatory requirements including the EU AI Act.

Effective security architecture is not about deploying more products — it is about designing a layered system of controls that detects, contains and ejects adversaries who have already bypassed the perimeter. My architectural designs are grounded in threat modeling derived from direct experience as an attacker: I understand how lateral movement works in practice, how persistence mechanisms evade detection, and which detection logic actually stops sophisticated actors versus which creates alert noise. I design zero trust environments from first principles, deploy and tune SIEM and SOAR platforms with detection engineering that achieves sub-five-minute mean time to detect, and integrate AI-powered analytics that multiply analyst effectiveness rather than generating additional noise for overwhelmed security operations teams.

Cloud environments are systematically over-trusted — not because organizations are careless, but because the complexity and velocity of cloud infrastructure makes comprehensive security validation genuinely difficult. I assess cloud environments through the lens of an attacker who starts with minimal credentials and progressively escalates by chaining IAM misconfigurations, exposed metadata services, overly permissive storage policies and insecure workload configurations. The blast radius of what looks like a minor misconfiguration often extends far beyond the immediate resource. My cloud security engagements cover all major platforms and span the complete DevOps stack, from source code repositories and CI/CD pipelines through container orchestration to serverless compute and data storage layers.

Modern conversational AI systems have evolved far beyond intent classification and slot filling. The state of the art demands architectures capable of maintaining coherent multi-turn context across extended interactions, adapting dynamically to user intent and affect, operating reliably across multiple languages and modalities, and degrading gracefully when presented with edge cases or adversarial inputs. I design systems to these standards and audit deployed systems against the same criteria. My research background in conversational AI security means I understand the full landscape of ways these systems fail — from benign edge cases that frustrate users to deliberate adversarial manipulation that causes systems to behave contrary to their operators' intentions. Conversational AI safety is not a bolt-on — it must be engineered from the ground up.

The deployment of generative AI at enterprise scale introduces a new class of security and reliability challenges that organizations are only beginning to grapple with. I help enterprises harness the capabilities of large language models, diffusion systems and multi-modal generative architectures while systematically addressing the risks that accompany them. This includes the design of retrieval-augmented generation systems that do not leak sensitive information through the retrieval layer, fine-tuning pipelines that avoid embedding private training data in ways that can be extracted through model inversion, and output monitoring systems that detect when generative systems deviate from intended behaviour. My adversarial testing experience is directly integrated into the design process — the best time to identify how a generative system can be manipulated is before deployment, not after.

Production machine learning systems operate in environments that differ fundamentally from the controlled conditions of research and development. Distribution shifts, adversarial inputs, data poisoning through upstream supply chains, and deliberate model manipulation by malicious actors are operational realities that must be designed for from the outset. I engineer ML systems with these constraints fully integrated into the architecture — not addressed as afterthoughts when problems emerge in production. My applied ML work spans cybersecurity applications including real-time intrusion detection, malware family classification, user and entity behavior analytics, and automated threat intelligence processing and correlation. Each of these applications demands ML models that are not merely accurate in test conditions but genuinely robust under adversarial pressure.

Security operations generate more data than virtually any other organizational function — log telemetry, network flows, endpoint events, threat intelligence feeds, user activity records, cloud audit trails — and the vast majority of it is never analyzed in a way that produces security value. I build data science pipelines that change this equation: machine learning models that surface genuine anomalies from the noise, statistical correlation engines that connect signals across disparate data sources, threat intelligence enrichment systems that automate the triage of indicators, and visualization layers that give analysts the situational awareness to act decisively. Every pipeline is designed with security-first principles — a data platform that leaks sensitive telemetry or can be manipulated to suppress detections is a liability, not an asset.