Tools & Research

AI-powered application security testing product at Bishop Fox. Autonomous agents that test entire application portfolios at scale, finding vulnerabilities across web apps that manual testing misses. Shipped to production, used by enterprise customers.

AI judge agent for NEBULA:FOG 2026. Watches hackathon demos via Gemini Live, scores with a multi-model ensemble (Claude + Gemini + Groq), defends against prompt injection in 7 languages. Judged 25 live demos. 1,451 tests passing.

Expert-curated deep dives on offensive security tools and AI agents. CLI pipeline powered by Claude that ingests GitHub stars, analyzes repos, and generates long-form articles autonomously. Live at starlog.is.

Open-source templates for documenting vulnerabilities in LLM integrations. Curated list of every open-source LLM testing tool. 74 stars, community standard.

Contributed the 'rcrce' cybersecurity challenge to METR's HCAST benchmark for evaluating autonomous AI agents. A 2.8-hour PHP race condition exploit task requiring RCE and flag retrieval. Zero AI agents have solved it. Built to the METR Task Standard for measuring frontier model capabilities.

AI safety research: GPT-2 model trained on fake PII to study data leakage from language models. CTF-style challenge where participants extract synthetic PII using prompt injection and NLP techniques. Demonstrates real risks in model memorization.

Find cloud assets that no one wants exposed. Discovers internet-facing AWS resources across 14 services. 348 stars. Used by security engineers and pentesters worldwide.

The search engine hacking toolkit. GoogleDiggity, BingDiggity, SHODANDiggity, and more. Created the Bing Hacking Database. Started it all.