Projects

Selected work

SAST Benchmarking Framework for Agentic Code

SASTbench

Open-source benchmark proving traditional SAST tools score near 0% on agentic code. 57 annotated cases across 4 languages with real CVEs, PR simulation mode, and pluggable scanner adapters, mapped to OWASP Agentic Top 10.

PythonAppSecBenchmarking

View repo

Multi-Agent Adversarial Security Review Tool

XFire (CrossFire)

PyPI package with GitHub Actions integration. Uses 3 AI agents in parallel blind review with an adversarial debate engine for comprehensive code security analysis.

PythonCI/CDAI Agents

View repo

Agentic Pentesting Orchestrator

XSpark

Meta-agent pentesting orchestrator with headless browser automation, confidence scoring, and 73% accuracy on XBOW benchmarks.

PythonCLIAdversary Emulation

View repo

AI-Native Multi-Agent AppSec Scanner

SecureVibes

Architecture-aware security scanner combining SAST and DAST agents with support for 11+ programming languages.

PythonClaude Agent SDK

View repo

Retrieval-Augmented Security Analysis Agent

SecLint

Python vulnerability analysis agent integrating static analyzers (Bandit, Semgrep) with a RAG layer to produce vulnerability reports and remediation guidelines without model fine-tuning, improving detection accuracy by 35%.

PythonLangChainRAG

View repo

LLM Red-Teaming Framework

NVIDIA Garak Contribution

Contributed the BadCharacters probe to jailbreak LLMs with adversarial perturbations (zero-width spaces, homoglyphs, BiDi overrides, and backspace deletion), using differential evolution and Levenshtein distance optimization for adversarial LLM testing.

Open SourceLLM Security

View repo

Workflow Orchestration Platform

Apache Airflow Contribution

Identified and fixed SQL injection in the Hive metastore bookkeeping and Presto partition predicates via identifier allow-listing (PR #66751).

Open SourceSQL Injection

View repo