AI Security & Research Publications
May 14, 2026
This repository showcases my research, practical implementations, and thought leadership in AI security, machine learning, and emerging technologies. Most content is originally published on my LinkedIn profile.
Featured Publications
Provable Assurance for Agentic Systems
Whitepaper presenting a verification framework for AI systems that reason and act autonomously. Argues that traditional AppSec models are insufficient for agentic and neuro-symbolic systems, and introduces provable assurance — a layered operating model combining formal methods, continuous security evaluation, evidence-driven policy enforcement, and renewable approval. Includes an assurance claims matrix, threat taxonomy for agentic systems, worked failure scenarios, a phased maturity model, and practical workstreams for building verification infrastructure.
Provable Assurance in ORPHEUS: The Collaboration Story
LinkedIn Article | GitHub Repository
Collaboration with Nur Gucu to integrate the Provable Assurance framework into ORPHEUS — a multi-skill AI system builder. The contribution adds named assurance claims with explicit validation methods, machine-readable evidence packages, renewal triggers for re-validation on change, and a catalog extension pattern for industry-specific assurance profiles. The integration brings claim-based safety verification into a working agentic framework using natural language and zero infrastructure.
AI Agents Security
Slide presentation covering key concepts in AI agent security, including threat models, attack surfaces, and considerations across tools, memory, and orchestration layers.
Memory for Agentic AI
Exploring memory architectures and their critical role in enabling truly autonomous AI agents.
Machine Learning for Security Professionals: Beyond the GenAI Hype
A practical guide for security professionals to understand and leverage machine learning beyond generative AI applications.
Managing Context Rot with Amazon Q CLI's Experimental /knowledge Command
Introducing semantic knowledge indexing capabilities in Amazon Q CLI to maintain persistent context across chat sessions without token budget constraints.
Securing Enterprise Cognition: A CISO's White Paper for the Generative-AI Era
Strategic guidance for CISOs navigating the security challenges of enterprise AI adoption.
Building a Unified Language Interface for Hybrid Data Access - Lessons Learned
Technical insights from implementing natural language interfaces for complex data systems.
MCP Security Research Series
Security Risks of STDIO-based MCP Servers
Analysis of security vulnerabilities in Model Context Protocol implementations.
MCP Authorization Enterprise-Readiness Snapshot (May 2025)
Assessment of MCP authorization frameworks for enterprise deployment.
Emerging C2 Threats in GenAI: SSE Abuse in MCP-Enabled Systems
Investigation of command and control threats targeting generative AI systems.
MCP Security Guidance: Secure MCP across creation, operation & update
Comprehensive security framework for Model Context Protocol lifecycle management.
AWS Security Publications
Navigating the Security Landscape of Generative AI
AWS whitepaper on generative AI security considerations and best practices.
Enhancing Cloud Security in AI/ML: The Little Pickle Story
Deep dive into AI/ML security vulnerabilities and mitigation strategies.
Accelerate Incident Response: Leveraging Natural Language with Amazon Q Business
Exploring how natural language interfaces can transform incident response workflows.
AI Research & Analysis
Developers Now Own AI Output, Not Just Code
Examining how developer ownership has expanded in the GenAI era beyond code authorship to include accountability for AI-generated output, emphasizing that verification has become the primary constraint as generation costs decrease.
Velocity Without Assurance: The Real Risk of GenAI Agents
Examining the gap between agentic AI's ability to generate outputs and an organization's capacity to validate them. Argues that trust in agent-produced artifacts (threat models, pull requests, detections, policy recommendations) must be grounded in explicit claims, measurable evidence, and continuous evaluation rather than demonstration-level confidence. Connects to prior work on Provable Assurance for Agentic Systems.
Hidden Vulnerabilities in AI Generated Software: Why Adversarial NLP Testing Should Include Geopolitical Context
Analysis of CrowdStrike research demonstrating how geopolitical context in prompts can increase vulnerability rates in AI-generated code, with recommendations for expanded adversarial testing procedures.
AI That Thinks vs. AI That Predicts: A Polar Navigation Test
Comparative analysis of reasoning capabilities in modern AI systems.
AI Model Security: Understanding Risks vs. Unfounded Concerns
Balanced perspective on AI model security risks and threat landscape.
Securing the Future of AI: My Journey & How You Can Build Yours
Personal insights on building a career in AI security.
The Transformative Power of Emergent Behaviors in Large Language Models
Analysis of emergent capabilities in large language models and their implications.
Unlocking the Power of Open-Source Generative AI: Ollama + OpenWebUI v0.4.0
Technical guide to deploying open-source AI models locally.
macOS 26 Apple Container CLI: First-Party Containerization for AI Workloads
GitHub Repository | LinkedIn Post
Exploring Apple's new first-party container CLI built on its Containerization framework, with practical guidance for hosting Open-WebUI and analysis of Apple's isolation model. The GitHub repository includes implementation scripts and detailed setup instructions.
Practical Implementations
GenAI Essentials
GitHub Repository | LinkedIn Post
Jupyter notebooks covering essential concepts in Generative AI and Large Language Models, including:
- LLM security considerations and best practices
- Retrieval-Augmented Generation with local data
- Multimodal AI and document understanding
- Agent frameworks and architectures
- Model Context Protocol (MCP) integration for AI tool security
GenAI Red Teaming Training
GitHub Repository | LinkedIn Post
Hands-on training series covering AI threat modeling, red/blue exercises for GenAI services, and governance guardrails with runnable labs and facilitator guidance.
Secure MCP AgentCore for Amazon Bedrock
GitHub Repository | LinkedIn Post
Reference architecture and hands-on guides for securing Anthropic-style “code execution with MCP” patterns on AWS using Amazon Bedrock AgentCore, including strong isolation patterns, a design whitepaper, an executable lab notebook, and a console runbook.
KiroForge: Kiro Powers Framework
GitHub Repository | LinkedIn Post
Python toolkit for authoring, validating, and testing Kiro Powers, the modular agent capabilities that bundle tools, steering, and behavioral constraints into reusable, testable units. Features a standardized POWER.md schema, a validation CLI, interactive authoring workflows, and enterprise governance for scaling AI agent behaviors securely.
AI Shield Intelligence
GitHub Repository | LinkedIn Post
An open-source AI threat intelligence project focused on advanced research into adversarial attacks against AI and LLM systems, with an emphasis on understanding techniques before they become mainstream. Includes research-driven adversarial techniques and attack patterns, technical analysis and references, and practical defensive considerations for AI builders and security teams.
About
This collection represents ongoing research and analysis in AI security, machine learning operations, and emerging technology risks. Each publication addresses practical challenges faced by security professionals, engineers, and organizations adopting AI technologies.
For the latest updates and discussions, follow me on LinkedIn.