Research focus

Building secure, efficient infrastructure for tool-using LLM agents.

Thesis spine

As LLM agents gain the ability to use tools, call APIs, and interact with external systems, they require infrastructure that is both efficient (handling long contexts and complex orchestration) and secure (enforcing least-privilege access and resisting adversarial manipulation). My research develops systems-level solutions at this intersection: memory management for inference, authorization for tool access, and observability for attack detection.

Research questions

Secure KV-Cache Memory Tiering

"How can we design memory-efficient KV-cache systems for long-context LLM inference while maintaining security guarantees?"

Investigating page-based eviction strategies, speculative prefetching, and memory tiering for transformer attention caches.

TokenVM KV-Cache Profiler

Least-Privilege Tool Authorization

"How do we enforce fine-grained, capability-based authorization for LLM agents accessing external tools?"

Applying Google Zanzibar-style authorization models to agent-tool interactions, with dynamic capability tokens and audit logging.

A2AS actionsec OpenFGA

Adversarial Robustness in Tool Environments

"How can agents maintain safety under prompt injection, tool poisoning, and adversarial tool responses?"

Building observability and tracing infrastructure to detect and mitigate attacks on agent tool-use pipelines.

LLMTraceFX Agentflow

Current prototypes

Memory Systems

Working with me

I bring a combination of systems engineering experience and research curiosity. Here's what I offer as a collaborator:

Systems depth: experience building production infrastructure at Ona/Gitpod
Open-source credibility: OpenFGA maintainer, GitHub1s contributor
Shipping velocity: multiple research prototypes from idea to working code
Cross-domain: security, distributed systems, and ML infrastructure
Communication: technical writing on Dev.to and Medium

Documents

Research statement (PDF) Resume