Security practitioner since 2009 — red team, AI/LLM security, IoT, and application security. Sixteen years spanning infrastructure penetration testing, purple teaming, threat intelligence, forensics, and incident response. Conference speaker. Hall of fame. Builder of open tools.

Currently working at the edge of offensive security and AI systems: red teaming LLM agents, building runtime defenses for agentic pipelines, and researching privilege escalation patterns in multi-agent tool-chaining.

---

Talks

Conference	Location	Year	Title
ThreatCon	Kathmandu, Nepal	2019	Hacking Human Lives via Body Area Network
BalCCon	Novi Sad, Serbia	2018	Hybrid Cloud Seeding
DEFCon Trivandrum	Kerala, India	2018	—

---

Writing  ·  bbinfosec.medium.com  ·  831 followers

• When the AI Traffic IS the Threat: Why SOC Teams Are Not Ready for Agentic C2 2025
• The CSRF Myth: Why CSRF Protection Isn't What You Think 2025
• Windows Active Directory Post Exploitation Cheatsheet 2018
• How I Hacked Netflix Users 2018
• Collection of Bug Bounty Tips 2019

---

Projects

	Description
AgentGuard	Runtime security for LLM agents. HMAC-signed tool calls, semantic anomaly detection, prompt injection interception before the model acts.
DVAI	Deliberately Vulnerable AI ecosystem — the DVWA equivalent for AI red teamers. Prompt injection, insecure tool use, model inversion.
distill	Scans any codebase for LLM token cost and waste. Auto-applies fixes. CI budget gate. MCP server for org-wide deployment.
agni	Open-source EDR simulator written in Rust. For red teamers who need to test evasion without burning production sensors.
bheeshma	Runtime dependency monitor for Node.js. Catches supply-chain attacks that static analysis misses. Zero deps. SARIF output. GitHub Action.
InfoSec Tasks ⭐ 176	Daily infosec problem statements for practitioners — forensics, OSINT, malware analysis, red and blue team.
Vaathi	Free cybersecurity education for India. Because the barrier to entry shouldn't be financial.

---