Security engineer and vulnerability researcher specializing in enterprise cloud security, DevSecOps, and AI systems.
Senior Cloud Security Engineer at Wyze Labs. Discovered vulnerabilities in Next.js, Google Gemini CLI, Microsoft Azure, Anthropic Claude MCP, and NSA Emissary. Research featured by The Verge and international media.
Media Coverage
The Verge exclusive interview on Microsoft Azure NLWeb vulnerability. Subsequently featured in 30+ international outlets including PCWorld, IT Pro, Neowin, Tom’s Guide, CIO Korea, 3DNews Russia, iSpazio Italy, Dagens AI Denmark — with coverage in 10+ languages across North America, Europe, Asia, and South America.
Notable Vulnerabilities
- Command Injection in Google Gemini CLI - 4 Bypass Techniques • Google Cloud VRP, Bounty Confirmed (80K Stars)
- Current Working Directory Bypass in Google Gemini CLI - Path Restriction Bypass • Google Cloud VRP (80K Stars)
- Path Traversal in Microsoft Azure NLWeb - Featured by The Verge
- DoS in Next.js - CVE-2024-39693 • CVSS 8.7 (135K Stars)
- Path Traversal & RCE in Anthropic MCP Servers - Security Fix PR (68K Stars)
- RCE in Microsoft OmniParser - CVE-2025-55322 (23K Stars)
- Weak Crypto in NSA Emissary Project - CVE-2025-27508 • CVSS 7.5
Recent Talks
Invisible Threats in AI Agents and Apps: Real-World 0-Days Everyone Should Know
Silicon Valley Cybersecurity Meetup • 200+ Attendees • Sep 24, 2025
Introduction to Amazon SP-API Guard Automated Auditing
Amazon Developer University Webinar Series • 200+ Developers • 2023
Building Secure Cloud-Native SaaS with AWS SaaS Factory
AWS Enterprise Forum • 300+ Attendees • Beijing • Aug 12, 2022
Blog Posts
Three Dots to Root: How I Found a Path Traversal in Microsoft’s Agentic Web (NLWeb) (2025)
Rotate Your SP-API Credentials Using AWS (May 17, 2023)
Using Amazon Selling Partner API Guard for Security Audits to Make Your SP-API Applications More Compliant (Dec 6, 2022)
Whitepapers
- Cloud Security Alliance, Secure Agentic System Design, Reviewer (2025)
- CNCF Security TAG, Cloud Native AI Security Whitepaper, Author (In Review, 2025)
- CNCF, Software Supply Chain Best Practices v2, Reviewer (2024)
Experience
Wyze Labs - Senior Cloud Security Engineer (2024 - Present)
Leading cloud and AI security across 200+ AWS accounts and 20+ GCP projects, and securing AI products such as AI Video Search and Descriptive Alerts.
Amazon - Security Solutions Architect (2020 - 2023)
Drove security compliance for 90 ISVs, launched SP-API Guard, mentored engineers, built serverless security solutions.
Cisco Webex - Software Engineer (2020)
Worked on infrastructure provisioning and GitOps for K8s clusters; managed 100K+ VMs across cloud providers.