Building autonomous offensive security tooling at the intersection of AI agents and real-world infrastructure.
Creator of Pinaka · Speaker at 13+ international security conferences · AI Security Village Host @ BSides Luxembourg 2026
- Agentic AI Security — attacking and defending AI agents with tool access in production environments
- LLM Red Teaming — prompt injection, confused deputy attacks, excessive agency exploitation
- MCP Security — Universal Socket MCP Server architecture, agentic attack surface mapping
- API Security — OWASP API Top 10, attack surface management, automated exploit testing
| Target | Severity | Type |
|---|---|---|
| Emergent | Critical | Cloud infrastructure misconfiguration |
| RedBull | Critical | Autonomous agent finding — PII leakage |
| Porter | High | Sensitive data exposure |
Pinaka — MCP-native autonomous penetration testing platform powered by Claude. Autonomous external recon agents, Shadow AI hunting, auto-bounty generation, Hunter dashboard. Has produced confirmed Critical findings against real-world production targets with zero human involvement.
coraza-leet-normalize — Open source transformation plugin for the Coraza WAF. Strips leet speak, Cyrillic/Greek homoglyphs, and zero-width Unicode characters before regex matching to catch WAF evasion attempts. Now officially listed on the Coraza plugins page.
Cyfer — Full-stack subdomain discovery and API attack surface tool. Flask, React, MongoDB, Shodan integration with ML-based misconfiguration detection.
LLM Red Team Ranger — Continuous LLM vulnerability testing via adversarial conversation simulation with severity classification and automatic halt on critical discovery.
PromptGuard — LLM system prompt vulnerability scanner aligned to OWASP LLM Top 10.
Intent Sentinel — LLM-aware AI firewall for chat interfaces using GPT-3.5 for intent classification and trust filtering.
AI Security Village Host — BSides Luxembourg 2026 (May 6–8)
Curating a 2-day village with 12 sessions covering offensive AI, agentic risk, defensive tooling, and AI-as-a-Service security.
Featured Speaker at:
AI Dev World · API World · HOUSE SEC CON · InfoSec Nashville · BSides Cayman Islands · BSides Seattle · BSides Luxembourg · BSides SLC · BSides Pittsburgh · OWASP BASC · ISACA GRC · CyberJutSuCon · DASH by Datadog
- Certified AppSec Practitioner (CAP) — The SecOps Group
- Certified AI/ML Pentester (C-AI/MLPEN) — The SecOps Group
- MS in Cybersecurity — Northeastern University
Bug XS (2019) — Founded and scaled a cybersecurity community. Trained 700+ students in web application security and bug bounty hunting across multiple colleges in Gujarat.
2nd Place — TCS Global Best Ethical Hacker Competition
Innovation Pride Award Q1 — Tata Consultancy Services
