Secure the GenAI integration layer
Your agents and assistants touch files, email, tools, and customer data. I map where that trust can be turned against you, attack it with the same harness behind my research, and design the generation-layer controls that stop bad output before it exists.
You leave with findings tied to reproducible tests — not vibes — and a control design your security team can sign off on.
Backed by the ~6.1M-call study
Adversarial testing of your live agent against prompt-injection and data-exfil paths, with a reproducible harness you keep.
Generation-layer guardrails specified, implemented, and validated — designed to prevent, not to clean up afterward.
Ongoing review as your integration surface grows — a principal on call for the decisions that carry risk.
Software & systems, to the same bar
Security-grade engineering isn't only for security work. I build production systems where the correct behavior is the only path the code can take — authoritative data, exact math, per-user isolation, an event-sourced audit trail — and prove it holds after the fact.
Best fit for brittle, costly, or compliance-sensitive workflows where "mostly correct" has a real price.
See the mileage app case study
Reimbursement that's correct by construction — and defensible after the fact.
How an engagement runs
Fit-call
25 minutes to pressure-test your riskiest point live. You leave with a threat-model sketch either way.
Scope
A fixed, written scope with the harness and deliverables named up front — no open-ended meters running.
Build & break
I do the work — attack, design, or build — with evidence captured at each step, not summarized at the end.
Handoff
Reproducible tests, a control design or working system, and a walkthrough your team can act on and re-run.
Not sure which one you need?
Bring the problem to the fit-call. If it's the wrong fit, I'll tell you — and point you somewhere better.