
Debarshi Das

Hacker | Engineer

Mailapex · LinkedIn · Github

Achievements

Warner Bros Discovery — Critical RCE bounty

TikTok — Business logic vulnerability disclosure

Government of India (NCIIPC) — Critical infrastructure security acknowledgement

Certifications

CREST Practitioner Security Analyst (CPSA) · 2025

Experience

Founding Engineer · HacktronAI · Apr 2026 – Present
  • Redesigned the repository analysis pipeline with census-driven structural classification and high-precision path inference, eliminating context starvation in downstream agents while reducing runtime by an order of magnitude on large repositories.
  • Collaborated on improving the call-graph building pipeline that directly influenced downstream quality and coverage of vulnerability findings.
  • Contributed to autonomous blackbox DAST architecture supporting authenticated scanning, reachability validation, exploit chaining, and environment-dependent vulnerability confirmation.
  • Architected and implemented dynamic vulnerability validation for code reviews, with on-demand custom environment builds to remain tech-stack agnostic and a multi-agent system that carries out true validation and exploitation rather than relying on theoretical metrics.
  • Improved multi-agent validation precision across judge pipelines by reducing false-positive propagation through structured context enrichment.
Security Product Engineer · SecurityReviewAI (we45) · Jan 2025 – Apr 2026
  • Core architect of Orchestron v2 (O2), an autonomous pentest orchestrator spanning reverse engineering, API testing, and authenticated web-application scanning.
  • Implemented persistent agent memory enabling multi-step vulnerability chaining and threat-scenario reasoning across attack surfaces.
  • Built MCP servers integrating Claude and OpenAI SDK workflows for tool-augmented execution.
  • Reduced per-review LLM cost by 88% via Langfuse trace-level observability and workflow optimization.
  • Developed SecurityReview-Kit enabling inline developer threat modeling during code generation workflows.
  • Automated DevSecOps scanning pipelines adopted org-wide, reducing vulnerability backlog by 90%.
  • Performed security architecture reviews for multi-tenant Kubernetes ML inference systems (PyTorch, Ray Serve).
  • Audited legacy C/C++ enterprise codebases uncovering memory-safety and privilege-escalation vulnerabilities.
  • Designed libAFL fuzzing harnesses discovering parser corruption and deserialization flaws.
  • Reverse engineered closed-source binaries using IDA Pro and Ghidra to reproduce exploit chains.
  • Technical advisor for global HackerOne triage operations improving classification accuracy and turnaround efficiency.

Technical Skills

Languages — Python, Rust, C, C++, Java, Assembly (x86_64 / Armv8)

Agentic Systems — Claude Agent SDK, OpenAI SDK, LangChain, LangGraph, MCP architectures

Backend — FastAPI, Pydantic, APScheduler, Temporal

Program Analysis — IDA Pro, Ghidra, Binary Ninja, AFL++, libFuzzer, Frida

Infra — Docker, Kubernetes, GCP, GitHub Actions, PostgreSQL

Projects

Awesome OffSec Claude

  • Curated reusable offensive-security agent skills and prompt schemas for reconnaissance, vulnerability discovery, and exploitation workflows.

WordPress Plugin SAST Automation

  • Automated security analysis across top plugins using Semgrep + CodeQL with SARIF reporting pipelines.

Education

Techno Main Salt Lake — Bachelor's in Computer Application · 2021 – 2024