AI Security & Detection Validation
I help security leaders turn AI threat hunting, agentic system risk, telemetry gaps, and detection coverage questions into practical evidence models and usable validation workflows.
What This Work Solves
AI systems change the shape of security evidence. A single action can involve a user prompt, a model response, a retrieval result, an OAuth grant, a tool call, a cloud identity, a data access event, and a human approval. Traditional detection content often sees only one slice of that chain.
My AI security and detection validation work focuses on making those chains visible enough to investigate, validate, and explain. The goal is not vague AI risk language. The goal is a defensible answer to a sharper question: if an AI assistant, workflow, or agent behaves badly, can the security program reconstruct what happened, identify which controls fired, and explain the blast radius to leadership?
How I Approach It
- Start with investigation questions. I define what analysts, incident responders, and executives would need to know during an AI-related incident before deciding which logs or controls matter.
- Map the AI evidence chain. I connect identity, retrieval, tool-call, approval, data-access, and model-output evidence into an investigation model that can survive pressure.
- Validate detection coverage. I translate AI misuse scenarios into testable detection hypotheses, control assertions, and telemetry requirements.
- Build proof artifacts. I favor field-ready tools, templates, and hunt briefs over abstract recommendations because proof-of-work is easier to trust than a slide with good intentions.
Proof Of Work
AI Threat Hunt Builder
A Firebase-hosted workflow for turning AI system scope, evidence layers, and investigation questions into analyst-ready hunt briefs.
AI Asset & Blast Radius Mapper
An interactive mapper for AI assets, identities, tool access, data exposure, and CISO-facing blast-radius narratives.
AI Agent Telemetry Contract
Source-backed telemetry requirements and control language for seeing what AI agents did, which identity they used, and what should have constrained them.
Evidence Model Research
Writing on how defenders reconstruct AI incidents when evidence lives across prompts, tools, retrieval records, logs, and human approvals.
Useful For
This lane is useful for security teams adopting AI assistants, piloting agentic workflows, reviewing AI-enabled SaaS products, building SOC visibility around AI activity, or preparing for executive questions about AI security readiness. It is also useful for recruiters and hiring teams looking for a cybersecurity director who can connect AI security strategy to detection engineering, incident response, and real operating evidence.
Start Here
The fastest path is to open the AI Threat Hunt Builder, then read the evidence model research. For broader risk translation and DFIR-ready control language, the next page is Cyber Risk Advisory.