4. Security & Compliance

Runs security test suites including OWASP, DeepTeam, and adversarial prompt testing to validate AI safety and conduct security audits.

Manages adversarial red-teaming campaigns for Aegis simulations, focusing on prompt transformations and jailbreak testing to identify AI system vulnerabilities.

Scans user-provided code for security vulnerabilities including XSS and SQL injection, delivering immediate security assessment upon request.

Performs focused accessibility checks on code for WCAG compliance in response to user queries about accessibility or WCAG standards.

Identifies and mitigates container security antipatterns including runtime escapes, supply chain risks, and registry vulnerabilities in Docker and Podman.

Routes sensitive user queries to a local LLM to prevent data exfiltration, ensuring compliance with security policies for confidential information.

Conducts security audits to identify vulnerabilities, compliance gaps, and sensitive data exposure in code before production deployment.

Performs security reviews of GitHub repositories against OWASP ASVS and NIST 800-53 standards, generating checklists, vulnerability reports, and security requirements.

Conducts enhanced security, architecture, and performance verification for high-risk tasks to prevent data loss and security breaches.

Enforces enterprise-grade security in Next.js applications using RBAC, CSRF protection, and CSP.

Validates project code and governance against constitutional rules, ensuring compliance throughout development and review cycles.

Analyzes binary executables via disassembly, decompilation, and control flow to identify security patterns and assess compiled code.

Analyzes and bypasses anti-reversing techniques in protected binaries for authorized security analysis and understanding software protection mechanisms.

Analyzes memory dumps for incident response, malware analysis, and artifact extraction using Volatility framework.

Analyzes network protocols through packet dissection and traffic analysis to document proprietary protocols and debug communication channels.

Designs and implements secure admin APIs in Next.js 16 with RBAC, CSRF protection, tenant isolation, and audit logging to meet corporate security standards.

Designs secure systems with threat modeling, Zero Trust implementation, and compliance to NIST/ISO 27001 frameworks.

Provides security layers for autonomous agents through system instruction governance, multi-stage filtering, and continuous red-teaming.

Enforces data isolation, PII redaction, and defense against prompt injection attacks in agent contexts.

Prevents Dynamic Capability Injection, Tool Shadowing, and Confused Deputy attacks in MCP agent communications with external servers.

Securely investigates database issues via Jira tickets with anomaly detection, multi-agent parallel processing, and auto-learning from past investigations.

Validates skill quality and security before sharing, scanning for PII/secrets and ensuring proper structure and description.

Guides implementation of authentication, authorization, and API security measures including JWT, OAuth 2.0, and RBAC.

Forces mandatory citation and test checklist for hardware configuration changes to ensure regulatory compliance and documentation integrity.