- Redesigned a core segment of the analysis pipeline with structural classification replacing LLM dependency and eliminating context starvation in downstream steps while reducing runtime by an order of magnitude on large repositories.
- Collaborated in improving call-graph building pipeline that directly influenced downstream quality and coverage of vulnerability findings. Built and improved multi-language parsers from scratch with TreeSitter.
- Built global findings deduplication pipeline from scratch which identified and deduplicated findings across historical scans reducing data overload, improving user experience and also saving cost in pipeline.
- Architected and shipped dynamic vulnerability validation for code reviews that supported custom environment builds on-demand to remain tech-stack agnostic and multi-agent system to carry out true validation and exploitation over theoretical metrics.
- Improved multi-agent validation precision across judge pipelines by reducing false-positive propagation through structured context enrichment.
- Contributed in strategy building and executing for GTM operations and partook in client-facing calls.
- Ideated and shipped product UX improvments and long-term primary features.
- Core architect of Orchestron v2 (O2), an autonomous pentest orchestrator spanning reverse engineering, API testing, and authenticated web-application scanning.
- Implemented persistent agent memory enabling multi-step vulnerability chaining and threat-scenario reasoning across attack surfaces.
- Built MCP servers integrating Claude and OpenAI SDK workflows for tool-augmented execution.
- Reduced per-review LLM cost to 1/4th via Langfuse trace-level debugging and workflow optimization.
- Developed VibeReview enabling threat modeling during code generation workflows.
- Automated DevSecOps scanning pipelines adopted org-wide, reducing vulnerability backlog by 90%.
- Performed security architecture reviews for multi-tenant Kubernetes ML inference systems (PyTorch, Ray Serve).
- Audited legacy C/C++ enterprise codebases uncovering memory-safety and privilege-escalation vulnerabilities.
- Reverse engineered closed-source binaries using IDA Pro and Ghidra to reproduce exploit chains.
- Technical advisor for global HackerOne triage operations improving classification accuracy and turnaround efficiency.
Warner Bros Discovery — Critical RCE bounty
TikTok — Business logic vulnerability disclosure
Government of India (NCIIPC) — Critical infrastructure security acknowledgement
Languages — Python, Rust, C, C++, Java, Assembly (x86_64 / Armv8)
Agentic Systems — Claude Agent SDK, OpenAI SDK, LangChain, LangGraph, MCP architectures
Backend — FastAPI, Pydantic, APScheduler, Temporal
Program Analysis — IDA Pro, Ghidra, Binary Ninja, AFL++, libFuzzer, Frida
Infra — Docker, Kubernetes, GCP, GitHub Actions, PostgreSQL
Awesome OffSec Claude
- Curated reusable offensive-security agent skills and prompt schemas for reconnaissance, vulnerability discovery, and exploitation workflows.
WordPress Plugin SAST Automation
- Automated security analysis across top plugins using Semgrep + CodeQL with SARIF reporting pipelines.