Active research, tools, papers in progress.
The canonical index. Shipping tools and investigations being staged for publication, each with its status, embargo notes, and links to its docs site or repo.
Weight steganography: covert channels in neural network weights and the defenses against them.
Characterising the steganographic capacity of NN weights, building detectors for weight-level covert channels, and studying the supply-chain implications for distributed model artifacts. Defensive intent. Public site is intentionally minimal until paper clears review.
The first structure-aware fuzzer for ML model formats and inference infrastructure.
Targets the seam between model distribution and inference: GGUF parsers, ggml-rpc, Jinja2 templates, API endpoints. 60 mutation strategies, 35+ fuzz harnesses, automatic CVSS scoring, CVE submission templates.
Offensive toolkit for Microsoft System Center Orchestrator: the credential vault nobody had tooled up.
SCORCH stores encrypted credentials for AD, SCOM, SCCM, VMM, Exchange, and Azure through Integration Packs. Single Go binary, no domain join, full auth matrix (NTLM / PtH / Kerberos / keytab / ccache).
Weaponize documents. Test RAG defenses. Harden pipelines.
A Go library and CLI that generates documents containing hidden prompt-injection payloads for testing RAG pipelines. 11 formats, 63 hiding techniques, 75 payload templates, and a validation engine that simulates extraction by LangChain, LlamaIndex, Unstructured.io, and Haystack. Operationalises PoisonedRAG (USENIX '25) and PhantomText (AISec '25).
RLVR training on consumer AMD silicon.
A reinforcement-learning-from-verifier-rewards framework targeting Strix Halo APUs and ROCm. Public dev logs, open framework, ongoing benchmarks.
Exploring RLVR for security research.
Applies Reinforcement Learning from Verifier Rewards to security domains where outcomes can be objectively verified — code compiles, tests pass, detections fire. Configurable reward signals from binary pass/fail to graduated rewards keyed on detection severity, with verification modes from compile-only to full EDR.