Selected Work

A short, organized index - not an archive dump.

Three categories of active work, ordered by what I actually spend time on. Older technical writeups are preserved in the Archive.

Security Research

Security Research

Applied security research, vulnerabilities, and short technical writeups.

2 entries
2026

CVE-2026-48029: Two grid-decode bugs in libheif

Vulnerability research - CVE-2026-48029 · Public / Patched

A single afternoon of fuzzing against libheif 1.21.2 produced two memory-safety bugs in the same function. F1 is a NULL pointer dereference on a malformed grid dimg reference - deterministic DoS-on-decode from any public decode API. F2 is a uint32 underflow in the inverse-rotation tile arithmetic that feeds a debug-only assert; in NDEBUG release builds (the configuration typical distribution packages use) the assert is compiled out and the access becomes a heap out-of-bounds read with an attacker-influenced offset. Reported privately on 2026-05-02; fixed in libheif 1.22.0 on 2026-05-19. Tracked as GHSA-6x5f-qchq-cxqv and assigned CVE-2026-48029.

Read the writeup
2020

Finding CVE-2020-1321: Fuzzing Office's 3D Model Parser

Vulnerability research - CVE-2020-1321 · Public / Patched

A grammar-driven .glb fuzzing campaign found a memory-corruption bug in the shared 3D parser used by Microsoft Word and the Microsoft 3D Viewer. Reported to MSRC in January 2020; patched on June 9, 2020 as the Microsoft Office Remote Code Execution Vulnerability (CWE-119, CVSS 7.8, Exploitation Less Likely).

Read the writeup
Systems Design & Writing

Systems Design & Writing

Security architecture, fuzzing, things I built - and essays on AI and how engineering work is changing.

3 entries
2026

AI Slop Is a Leadership Problem

Essay - AI and technical direction

AI collapsed the time to a working solution, but the time to real understanding did not move. An essay arguing that slop is not created by AI but by lack of direction - and that when execution gets cheap, leverage shifts to whoever defines the problem, knows the customer, and holds the quality bar while the team learns to use the amplifier.

Read the essay
2026

Anvil: An Autonomous Vulnerability-Research Platform

Research platform architecture

Not an AI that finds bugs - a vulnerability-research system where AI agents do the repetitive glue work (codebase mapping, harness writing, triage, reachability tracing) and deterministic infrastructure decides what is true: markdown state, schema validation, a Playbook that ranks where to look, and an enforced evidence ladder that refuses to call a sanitizer crash a vulnerability. The architecture, a libpng walkthrough, and an honest read on the public findings so far, including CVE-2026-48029.

Read the writeup
2026

LLMs Are Probabilistic. Agent Authority Cannot Be.

Agent security architecture

Agents now take real, privileged, sometimes irreversible actions, but the models driving them only ever predict. A design argument for compiling the user's original request into a scoped task policy before untrusted context arrives, then enforcing that scope deterministically, outside the model.

Read the writeup
Startups

Startups

SNDBOX, OmniBoard, and the founder/product work that came with them.

1 entry
2023-2024

OmniBoard: The Board Game Console That Didn't Pencil Out

Founder · boardgames console · Shelved on hardware costs

OmniBoard was a console for board games: multi-touch board, flexible color e-ink cards, OmniShop marketplace, creator SDK. Same hardware, infinite games. The product vision worked. The math did not. The post-mortem on a ~$553 BOM that could not survive a $500 retail target.

Read the writeup