I bring rigour to destruction — pattern never changes: Code implementing well-defined protocol gets it wrong, that's your vulnerability site, exploitation is zero-day. Take code everyone trusts, find attack everyone missed.
Britain's most-stolen car, the nineties Vauxhall Nova, no immobiliser, hid an ignition bypass behind a square plastic rocker. Its hazard switch has 180° rotational symmetry: Pull it out, turn it upside down, push it back in, and the cam that merely flashed the hazards now bridges the ignition rail straight to twelve-volt battery. The car starts; the key barrel is never touched. Reported to Vauxhall, 2001.
Sometimes protocols are understudied and ill-defined, their security unknown — I write down what they must do to achieve precise security goals. It began in trusted computing's era, with Direct Anonymous Attestation by HP-IBM-Intel, shipped in billions of chips to prove a machine's capabilities without revealing its identity. I broke its privacy, corrupt administrators, even a passive eavesdropper, could unmask users, pioneered a machine-checkable definition of the privacy it promised, and proved the repaired schemes meet it. Break, define, prove.
Then the web. TLS encrypts a connection but can't force it to finish; truncate it at the right moment, and browser & server are left believing different things, a logout that never reaches the server, a warning the browser never sees. I leveraged that into owning Microsoft accounts, partial control of Google's, and throwing elections, on stage at Black Hat'13. And because a standard no one understands is a standard no one secures, I wrote the engineer's guide, raising so many questions, IETF revised the standard.
AI is our rude awakening — this is not a drill — every system we rely on at brink of collapse.
My agents and I built a battleground. Us against critical infrastructure. Simulating attacks, fortifying live systems, six zero days in six days for a fiver. Unfettered access to classified material (walkthrough'26), remote kill switches (burst'26, shatter'26), kernel vulnerabilities (under disclosure). Day forty-nine: Nineteen zero days disclosed, twenty-one under review, five-hundred-plus unopened. Manual triage just collapsed. The patch pipeline is burning out. Summer'26 will witness nations crippled — when your enemy controls your comms, how will you operate?
CISO autonomy, auto-triaging coordinated disclosure into a verified production fix, barely viable prototype built: Demo dropping soon — showcasing autonomous detection and protection of content delivery, transport security, and host-to-host comms. Critical infrastructure rides on this complexity. ‘Good’ isn't enough. Billions spent, decades specifying, auditing, deploying these protocols; nobody checked they're right. They're not.
Three thousand mandatory clauses, wire vocabularies of 264 possibilities, handshakes spanning 2256 shapes. The brute-force search space dwarfs anything ever attempted — Bitcoin's lifetime mining surface is a rounding error. Throwing the world's mining capacity at it, with state-of-the-art fuzzing, wouldn't find a single bug before the sun burns out. The challenge is compression into something tractable; we reduce exponential search to linear.
day zero defence · critical infra patch +1hr · economy patchable on-demand