Custom LLM builds, on-premises deployment, and adversarial security testing for organizations putting AI into production, including documented EU AI Act adversarial-testing evidence for the August 2026 Article 15 deadline. Project-based engagements with written deliverables.
Most AI security people can't ship code. Most LLM developers don't think about security architecture.
For US companies with EU customer exposure, Article 15 of the EU AI Act sets obligations for accuracy, robustness, and cybersecurity. Demonstrating compliance means producing documented adversarial-testing evidence, not a checkbox. Secure Data Consortium delivers that evidence as a structured, defensible written package in the format regulators expect.
Adversarial probing for prompt injection, jailbreaks, and manipulation, mapped to OWASP LLM Top 10 and MITRE ATLAS.
Methodology, reproducible payloads, results, and remediation, documented to support an Article 15 conformity narrative.
A test harness your team keeps, so the evidence can be regenerated as models and features change.
Over a decade of enterprise software architecture combined with active adversarial security research, so the same practice can develop your LLM features, test them like an attacker, and document the evidence regulators ask for.
Custom LLM-backed applications and integration into your existing systems. The deliverable is working, documented code, not slides.
Retrieval pipelines built against your own corpus (case files, clinical guidelines, policy documents, internal knowledge bases) so answers are grounded in your content.
For organizations that can't send data to a third-party API. Secure Data Consortium installs, configures, and hardens an open-weight model on your own infrastructure, air-gapped or network-isolated where required, and hands back a running system your team owns and controls, with documentation to operate it.
A review of how untrusted content reaches your model and where it can be turned against you, followed by hands-on adversarial testing: prompt injection, tool-use hijacking, system-prompt extraction. You get a written report with reproducible findings, remediation priorities, and results mapped to the OWASP LLM Top 10 and MITRE ATLAS.
Test infrastructure your team keeps and re-runs against every future model version and feature change, so security testing becomes part of your release process, not a one-time report.
For US companies with EU customer exposure preparing for the August 2026 obligations under Article 15: documented adversarial-testing evidence for robustness and cybersecurity, in the format regulators expect, and re-runnable as your models change.
Security and risk documentation aligned to recognized frameworks (NIST AI RMF, ISO/IEC 42001) that demonstrates a defensible testing and risk-management process to auditors, partners, and customers.
Enterprise architecture and application development at Bank of America, Citigroup, Verizon, Walmart, and others.
Cross-model prompt injection studies on locally hosted LLMs (Ollama). Published, reproducible methodology on GitHub.
Production algorithmic trading system on the Coinbase Advanced Trade API; custom Python and Go security tooling.
Registered security researcher on the Coinbase HackerOne program. Previously a Customer Success Engineer at Chainalysis.
A 576-trial controlled study across four reasoning conditions (Qwen 3 8B with thinking off and on, DeepSeek-R1 8B, and Gemma 4 e4b), spanning eleven attack techniques, four application scenarios, and three trials each. Chain-of-thought reasoning reduces conventional prompt-injection susceptibility (Qwen 3: genuine injection fell from 64% without reasoning to 54% with it), but payloads that target the reasoning step itself sidestep the defense, and reasoning costs roughly 15 to 20 times more tokens per call. The conclusion: reasoning belongs alongside input and output controls, not instead of them.
A 1,280-trial study characterizing indirect prompt injection susceptibility across Llama 3.1 8B, Mistral 7B, Qwen 2.5 7B, and Qwen 2.5 Coder 7B at two production-realistic temperatures. Temperature reduction is not a reliable defense; an output-format constraint held successful injections to 0 of 40 trials on the most susceptible model tested.
Tell us what you're working on, or schedule directly.