PhD in Software Engineering

AI agent security, blockchain infrastructure, and high-performance trading systems.

Research-engineering profile spanning formal software engineering, AI assistant security testing, EVM and DeFi security, privacy-preserving blockchain systems, distributed backends, and low-latency market-data infrastructure.

Selected work GitHub
8+ years building blockchain, security, backend, and trading systems
50+ blockchain projects reviewed across EVM, Solana, and Aptos ecosystems
$100M+ potential vulnerability impact identified through security audits
8 peer-reviewed publications plus PhD research in software engineering

Current Research

AI agent security and assistant pentesting.

The current research question is practical: when an AI agent acts, what information influenced the action, who authorized that influence, and what authority did the resulting action carry?

Research direction

The research workspace maps the security boundary created by LLM agents with memory, tools, browsers, terminals, MCP servers, long-running workflows, and cross-agent interfaces. The work emphasizes threat model clarity before implementation: attacker capabilities, context trust, memory integrity, tool authorization, capability isolation, provenance preservation, execution auditing, and cross-agent contamination control.

  • Shipped: a lineage-aware memory-governance extension to OWASP Agent Memory Guard — provenance and use-time authority that close 8 of the project's open long-horizon attack vectors.
  • Unified threat model and SoK plan for prompt injection in agentic AI systems.
  • AI assistant security pentesting harness covering all OWASP LLM Top 10 risk categories.
  • Research ideas around formal agent evaluation, learned information-flow control, MCP/tool verification, ACI security models, and persistent memory integrity.
  • Transformer and attention foundations studied from first principles, including implementation notebooks and reading packets.

Security map

Context trust Prompt injection, indirect content, hidden instructions, source provenance.
Tool authority MCP/tool poisoning, excessive agency, unsafe command or API execution.
Memory integrity RAG poisoning, persistent payloads, vector retrieval manipulation.
Evaluation Attack success rate, stealth, CIA impact, reproducible local testbeds.

Selected Systems

Built for adversarial, real-time, and financially sensitive environments.

Work spans private production systems, public repositories, security research prototypes, and DeFi products. Private repositories are available on request when appropriate.

Flagship · OWASP contribution

Lineage-Aware Agent Memory Guard

An extension built on a fork of the OWASP Agent Memory Guard reference implementation. Adds a per-entry derivation lineage graph with monotone trust, a use-time authority gate (low-trust memory may be message content but cannot authorize a recipient, command, or credential), obfuscation-aware long-horizon detection, and receipt validation — defeating memory laundering the base guard allows.

AI agent security OWASP Provenance / lineage Authority gating Python
View fork View PR #1

Result on the real project

8 / 10 of the repo's own xfail long-horizon attack vectors now pass
125 tests pass (2 xfailed); the 96 upstream tests are unchanged
4 governance layers: lineage, authority, detection, receipts

AI Agent Injection Lab

Security lab for AI assistant and agent pentesting across OWASP LLM Top 10 risks: prompt injection, sensitive disclosure, tool supply chain, RAG poisoning, improper output handling, excessive agency, system prompt leakage, embedding weakness, misinformation, and unbounded consumption.

AI security OWASP LLM Pentesting Python

STING EVM Counter-Exploit Pipeline

Real-time EVM counter-exploit system that replays attacker behavior at the bytecode layer, derives data-flow and control-flow patches, validates outcomes on forked state, and submits automated responses.

EVM Erigon traces Rust Redis/PostgreSQL

Professional Trading Platform

Market-data and trading platform processing Solana transaction streams with sub-second OHLCV aggregation, TradingView-compatible one-second candles, token price streams, liquidity updates, low-latency APIs, and setup/deployment pipelines using GitHub Actions and GCP Cloud Run.

Solana Market data OHLCV Streaming Cloud Run GitHub Actions

PulseDex Backend

Backend work for pulsedex.trade, including real-time Solana data streams across multiple Solana DEXes, token properties and holder statistics, backend support for TradingView-compatible candles, and AWS deployment for production service operation.

pulsedex.trade Solana streams Token stats TradingView AWS

Solana DEX Aggregator + Ethereum DEX Arbitrage Bot

Rust DEX aggregator integrating Raydium, Orca, PumpFun, Meteora, Bonk, and other protocols with REST quotes, gRPC streaming, liquidity filtering, split-path routing, and sub-second responses. Also built Ethereum-based DEX arbitrage automation for monitoring price differences, routing opportunities, and execution constraints across EVM liquidity venues.

Rust gRPC Routing Solana/Ethereum Arbitrage

High-Performance Trading Engine

Core matching engine and perpetual exchange design work, including order processing, margin calculations, liquidation logic, cross-margin and isolated-margin flows, settlement validation, WebSocket order placement, gRPC service calls, PostgreSQL persistence, Docker environments, and production-style integration tests. Public reference: perp-exchange-from-scratch.

Trading Perpetuals Matching engine Risk Rust

Arcadia Security Audits

Smart contract and protocol security review deserves its own surface.

Security auditing is a major part of the portfolio, not a side note. The work is tied to Arcadia and covers adversarial review across DeFi protocols, bridges, layer-1 systems, and trading-adjacent blockchain logic.

Audit and adversarial engineering focus

Conducted security reviews for 50+ blockchain projects across Ethereum, Solana, and Aptos ecosystems, identifying and helping resolve 300+ issues with potential impact above $100M. The audit work is strongest where protocol logic, financial correctness, and adversarial execution meet: bridges, DeFi accounting, liquidation flows, access control, oracle assumptions, transaction ordering, and invariant design.

DeFi protocol review Accounting, liquidation, oracle, slippage, collateral, staking, and settlement invariants.
Bridge and custody risk Validator flows, MPC assumptions, destination-chain state, replay risk, and signer safety.
EVM execution analysis Bytecode behavior, calldata, fork simulation, trace inspection, and MEV/counter-exploit logic.
Layer-1 and Move/Rust review Consensus-adjacent logic, protocol invariants, Rust/Solana programs, and Aptos Move systems.

Blockchain And Security

Protocol engineering, audits, privacy, and bridge infrastructure.

The blockchain work combines core protocol changes, security review, privacy primitives, cross-chain settlement, validator infrastructure, and product ownership.

DAPS

C++ privacy blockchain

Proof-of-Stake privacy blockchain using secp256k1 cryptography, ring signatures, RingCT-style confidential transactions, Bulletproofs, and stealth-address mechanisms. GitHub

Viction

Core blockchain development

Proof-of-Stake consensus work, modified Geth architecture, two-second block times, public RPC and masternode infrastructure, plus privacy-preserving TomoP protocol work using zk-SNARKs.

VicPool

DeFi staking protocol

Co-founded the largest DeFi protocol on Viction Chain, with $20M+ TVL peak, 10,000+ users, liquid staking mechanics, backend infrastructure, smart contracts, monitoring, and team leadership. vicpool.fi

Paradiso Bridge

Cross-chain bridge and MPC custody

Multi-chain bridge architecture across 8+ EVM-compatible networks, Rust-based MPC validator components, decentralized custody, indexing, validation, settlement monitoring, and alerting.

Audits

Smart contract security

Security reviews across Ethereum, Solana, and Aptos projects, covering DeFi protocols, bridges, liquidation logic, oracle handling, access control, arithmetic safety, and protocol invariants. Audit index

PhD Research

Software engineering for distributed and reactive systems.

Doctoral research at University of Paris-Saclay and CEA Nano-Innov France focused on model-based software engineering, model-code synchronization, distributed embedded systems, architecture specifications, and C++ performance frameworks.

Model-Code Synchronization

PhD thesis on methodologies for model-code synchronization in reactive system development, connecting software architecture models with implementation-level engineering work.

PhD thesis Model-based engineering Reactive systems

Distributed Systems Research

C++ frameworks and high-throughput data processing pipelines for distributed embedded systems, with focus on real-time performance, multithreading, and low-latency communication.

C++ Distributed systems Performance

Research Output

Eight peer-reviewed publications on distributed systems, model-driven engineering, incremental roundtrip engineering, software architecture, and collaboration between architects and programmers.

8 publications DBLP Software architecture

Technical Stack

Low-level systems, security review, backend infrastructure, and research tooling.

The stack reflects what has been used across production blockchain systems, trading infrastructure, security tooling, cloud deployments, and AI-security research labs.

Languages

  • Rust
  • C++
  • Solidity
  • Go
  • Python
  • TypeScript / JavaScript
  • Move

Security

  • EVM bytecode and calldata
  • Smart contract auditing
  • AI agent threat models
  • Prompt injection testing
  • MCP/tool protocol risks
  • Privacy cryptography

Infrastructure

  • PostgreSQL
  • Redis
  • Docker
  • Kubernetes
  • GCP Cloud Run
  • AWS deployment
  • GitHub Actions CI/CD

Trading

  • Matching engines
  • Market-data streams
  • DEX aggregation
  • OHLCV pipelines
  • Risk calculations
  • Settlement workflows