Security engineer and vulnerability researcher specializing in AI systems, cloud security, and enterprise DevSecOps.
Senior Cloud Security Engineer at Wyze Labs. Discovered vulnerabilities in Next.js, Google Gemini CLI, Microsoft Azure, Anthropic Claude MCP, and NSA's Emissary project. Research featured in The Hacker News, The Verge, and international media.
Media Coverage
Anthropic MCP Git Server Vulnerabilities (CVE-2025-68143) - Featured in The Hacker News, Dark Reading, Infosecurity Magazine, CSO Online, InfoWorld, SiliconANGLE, and Techzine (January 2026)
Microsoft Azure NLWeb Vulnerability - The Verge exclusive interview. Subsequently featured in 30+ international outlets including PCWorld, IT Pro, Neowin, Tom’s Guide, CIO Korea, 3DNews Russia, iSpazio Italy, Dagens AI Denmark — with coverage in 10+ languages across North America, Europe, Asia, and South America (August 2025)
Notable Vulnerabilities
- Credential Exfiltration in Anthropic MCP Git Server - CVE-2025-68143 • Capability Laundering (76K Stars)
- Sandbox Bypass in Anthropic Claude Code - CVE-2025-66479 • Network Isolation Bypass
- Command Injection in Google Gemini CLI - 4 Bypass Techniques • Google Cloud VRP, Bounty Confirmed (80K Stars)
- Current Working Directory Bypass in Google Gemini CLI - Path Restriction Bypass • Google Cloud VRP (80K Stars)
- Path Traversal in Microsoft Azure NLWeb - Featured by The Verge
- DoS in Next.js - CVE-2024-39693 • CVSS 8.7 (135K Stars)
- Terminal Hijacking in Anthropic MCP Memory Server - Security Fix PR • Capability Laundering (76K Stars)
- RCE in Microsoft OmniParser - CVE-2025-55322 (23K Stars)
- Weak Crypto in NSA Emissary Project - CVE-2025-27508 • CVSS 7.5
Recent Talks
Invisible Threats in AI Agents and Apps: Real-World 0-Days Everyone Should Know
Silicon Valley Cybersecurity Meetup • 200+ Attendees • Sep 24, 2025
Leveraging Amazon Q CLI for Security Workflows
Amazon Invited Talk • 150+ Engineers • Aug 2025
Introduction to Amazon SP-API Guard Automated Auditing
Amazon Developer University Webinar Series • 200+ Developers • 2023
Building Secure Cloud-Native SaaS with AWS SaaS Factory
AWS Enterprise Forum • 300+ Attendees • Beijing • Aug 12, 2022
Blog Posts
CVE-2025-66479: Anthropic’s Silent Fix and the CVE That Claude Code Never Got (2025)
Three Dots to Root: How I Found a Path Traversal in Microsoft’s Agentic Web (NLWeb) (2025)
Rotate Your SP-API Credentials Using AWS (May 17, 2023)
Using Amazon Selling Partner API Guard for Security Audits to Make Your SP-API Applications More Compliant (Dec 6, 2022)
Whitepapers & Industry Impact
- CNCF, Software Supply Chain Best Practices v2, Reviewer (2024)
Referenced by NIST SP 800-218 - Secure Software Development Framework - Cloud Security Alliance, Managing Privileged Access in The Cloud-First World, Reviewer (2025)
- Cloud Security Alliance, Secure Agentic System Design, Reviewer (2025)
- CNCF Security TAG, Cloud Native AI Security Whitepaper, Author (In Review, 2025)
Experience
Wyze Labs - Senior Cloud Security Engineer (2024 - Present)
Leading cloud and AI security across 200+ AWS accounts, 20+ GCP projects, securing AI products like AI Video Search and Descriptive Alerts.
Amazon - Security Solutions Architect (2020 - 2023)
Drove security compliance for 90 ISVs, launched SP-API Guard, mentored engineers, built serverless security solutions.
Cisco Webex - Software Engineer (2020)
Infrastructure provisioning and GitOps for K8s clusters, managed 100K+ VMs across cloud providers.