Hong Kong · Agentic AI × Security
Security engineer building agentic AI systems.
8+ years securing software and financial systems, now focused on building AI agents — and keeping them safe. I write open-source multi-agent platforms, AI coding agents, and LLM security tooling, with 170+ stars on GitHub across a dozen original projects.
CISSP · OSWE · builder of things that pass their own security review
Multi-agent orchestration, agent memory & skills, MCP / A2A integrations — agents that do real work, with guardrails designed in from the start.
LLM threat modelling, prompt-injection defence, guardrail engineering, and securing the pipelines that ship AI into production.
Secure SDLC, code auditing, and offensive security — years of breaking systems in regulated environments, applied to building better ones.
Multi-agent security-assessment platform: six phase-specialised LLM agents orchestrated with LangGraph, hybrid vector + knowledge-graph RAG, MCP/A2A protocol integration.
Python · FastAPI · LangChain · ChromaDB · React
Read the write-up →
AI coding agent for regulated environments — 8-state agent loop, policy-bounded tool use, sandboxed execution, hash-chained tamper-evident audit logs. Terminal, web & desktop frontends from one binary.
TypeScript · React · Bun
Read the write-up →
An AI coding agent built for regulated environments — org-policy enforcement over tools, models, shell and file paths, sandboxed execution, and a h...
Why I built DocSentinel as six specialised agents coordinated by a graph, and what hybrid vector + knowledge-graph retrieval actually buys a securi...