whoami

SANTOSH
SUSVEERKAR

a.k.a. Alien-C0de

AI Security practitioner and Offensive Security specialist with 5+ years of dedicated AppSec experience and nearly 20 years of IT engineering background. Combines deep adversarial testing expertise with hands-on Agentic AI and LLM engineering skills to identify, exploit, and mitigate security risks in AI/ML systems and enterprise applications.

LLM Red Teaming Agentic AI Security Prompt Injection OWASP LLM Top 10 AppSec Exploit Development DevSecOps Threat Intelligence OSINT
View Projects Capabilities LinkedIn GitHub
20+
Years in IT
5+
Years AppSec
10+
OSS Projects
AI
Red Teaming

// 01. about me

Who Am I

I'm an AI Security practitioner and Offensive Security specialist who operates at the intersection of adversarial AI research and traditional application security. My work spans vulnerability discovery, exploit validation, attack surface analysis, and the identification of authentication, authorization, injection, and business-logic flaws across complex web and enterprise applications — including AI-integrated systems.

On the AI/LLM side, I design and evaluate multi-agent architectures using LangGraph, LangChain, and ReAct patterns, and I actively research prompt injection, jailbreak techniques, guardrail bypass, adversarial input crafting, and LLM output manipulation to expose real-world risks in AI systems before they reach production.

Beyond offense, I translate every finding into clear, actionable risk intelligence — enabling development, AI/ML, and business teams to strengthen defensive controls and reduce production risk across large-scale environments.

LinkedIn santosh-susveerkar
GitHub alien-c0de
Portfolio alien-c0de.github.io
Status Open to AI Red Team & OffSec Engagements
santosh@alien-c0de:~$
python3 profile.py --mode=full
Initialising AI Red Teamer profile...
 
name = "Santosh Susveerkar"
alias = "Alien-C0de"
exp_yr = 20 # years in IT
 
primary_focus = [
"LLM Red Teaming & AI Security",
"Agentic AI Research",
"Prompt Injection & Jailbreak",
]
 
secondary_focus = [
"AppSec / SAST / DAST",
"Exploit Development",
"DevSecOps & CI/CD Security",
"Threat Intel & OSINT",
]
 

// 02. capabilities

Technical Arsenal

AI / LLM Red Teaming & Security

Specialist capability in adversarially evaluating LLM-based and agentic AI systems. Applies offensive tradecraft to expose AI-specific risks before deployment.

LLM Red Teaming Prompt Injection Jailbreak Testing Guardrail & Safety Bypass Adversarial Input Crafting LLM Output Manipulation AI Model Abuse Testing Hallucination & Grounding Testing Data Poisoning Risks Training Data Extraction AI Supply Chain Risk OWASP Top 10 for LLMs AI Threat Modeling Responsible AI & AI Safety AI Governance & Compliance
Agentic AI & LLM Engineering
LangGraph LangChain ReAct Agent Pattern Multi-Agent Orchestration Supervisor Architecture OpenAI / Claude / Gemini Azure OpenAI / Ollama RAG & Vector Embeddings ChromaDB Prompt Engineering LLM Cost Optimisation Human-in-the-Loop AI LangSmith (Observability) Event-Driven AI Pipelines
Application Security & Offensive Testing
OWASP Top 10 AppSec / Secure SDLC Penetration Testing SAST & DAST API Security Testing Authentication & AuthZ Exploitation Exploit Development & PoC Vulnerability Research Attack Surface Analysis Threat Modeling Risk Assessment Remediation Verification
DevSecOps & Security Automation
DevSecOps CI/CD Security Integration GitHub Advanced Security Dependabot / Secret Scanning Vulnerability Triage Security Automation (Python) SBOM
Offensive Tools & Platforms
Burp Suite HCL AppScan Metasploit Nmap OSINT Frameworks Threat Intelligence
Languages & Frameworks
Python PowerShell Rust (Offensive Tooling) C / C++ ASP.NET / C#
Proficiency Overview
LLM / AI Red Teaming90%
Agentic AI Engineering (LangGraph)88%
Application Security (AppSec)95%
SAST / DAST Execution92%
Python – Security & AI Automation90%
Burp Suite / HCL AppScan90%
DevSecOps & CI/CD Security88%
Threat Intelligence & OSINT85%
Exploit Development & Research82%
Rust (Offensive Tooling)76%

// 03. experience

Professional History

Application Security Specialist / AI Security Researcher
2022 – Present
Atos
AI Security & Agentic AI Red Teaming
  • Designed and developed AI Git Guard — an enterprise Agentic AI security automation platform using Python and LangGraph with multi-agent architecture (Supervisor, Triage, Remediation, Notifier, Reporter, Policy Enforcement) orchestrating autonomous security operations at enterprise scale
  • Implemented ReAct reasoning loops with multi-layer memory for intelligent, context-aware vulnerability triage and autonomous remediation decision-making across Dependabot, Code Scanning, and Secret Scanning alerts
  • Built adversarial testing capabilities including prompt injection testing, guardrail bypass validation, and LLM output manipulation checks against integrated AI components
  • Engineered pluggable multi-LLM support (OpenAI, Claude, Gemini, Azure OpenAI, Ollama) with ~90% LLM cost optimisation, demonstrating deep understanding of LLM behaviour and model-specific vulnerabilities
  • Conducted AI threat modeling and risk assessment for agentic workflows — identifying attack vectors including tool poisoning, agent hijacking, memory manipulation, and chain-of-thought exploitation
Application Security & Offensive Testing
  • Led end-to-end AppSec assessments for HR and finance portals handling sensitive employee data, identifying authentication/authorisation logic flaws posing privilege escalation risk
  • Executed SAST and DAST assessments with false-positive triage and remediation validation, identifying critical OWASP Top 10 vulnerabilities including SQL Injection and broken authentication
  • Delivered security testing for enterprise-scale customer-facing web applications across UAT and production environments, preventing exploitable vulnerabilities from reaching production
  • Translated technical findings into actionable security reports enabling technical and non-technical stakeholders to understand risk, remediation steps, and deployment readiness
  • Coordinated and mentored application security teams (2–3 members) on assessment methodology and quality assurance
LLM Red Teaming LangGraph Agentic AI Prompt Injection AppSec SAST DAST OWASP Top 10 Burp Suite GitHub Advanced Security
Solution Architect
Oct 2016 – Sep 2022
Atos IT Solutions and Services
  • Led technical presales and solution design for enterprise clients using ServiceNow and automation platforms; developed cost models, technical proposals, and solution architectures for RFPs
  • Defined transition and implementation plans addressing security, compliance, and architectural risks; reviewed proposed architectures for access control and integration risk exposure
  • Collaborated with security, architecture, and delivery teams to meet enterprise governance and compliance standards
ServiceNow Solution Design Security Architecture Enterprise Governance
Technical Lead
Dec 2009 – Sep 2016
Atos IT Solutions and Services
  • Architected middleware & integration systems with enforced authentication, authorisation, and encrypted communication across ServiceNow, CA SDM, and Tibco platforms
  • Conducted security-focused code reviews and vulnerability assessments for custom-built integration services
  • Provided technical guidance to teams on secure design and implementation practices
Middleware Security Integration Architecture Code Review ServiceNow Tibco
Senior Software Engineer
Jun 2006 – Nov 2009
Mahindra Satyam
  • Developed secure applications using ASP.NET and C#.NET with emphasis on input validation and secure authentication
  • Implemented security controls for financial applications managing sensitive investor and transaction data
ASP.NETC#.NETSecure CodingFinTech
Senior Software Engineer
Sep 2004 – Jun 2006
IBM Global Services Ltd.
  • Built enterprise applications with attention to data integrity, access control, and secure handling of business data in large-scale, process-driven IT environments
VB.NETEnterpriseIBM

// 04. projects & research

Open Source Arsenal

🤖
Agentic AI Git Guard
Enterprise-grade Agentic AI security automation platform built with Python & LangGraph that integrates with GitHub Advanced Security (GHAS) to autonomously fetch, triage, prioritise, and remediate Dependabot, Code Scanning, and Secret Scanning alerts at scale. Features multi-agent orchestration, ReAct reasoning loops, autonomous fix PR generation with CI self-correction, natural language security querying, and ~90% LLM cost optimisation. Includes adversarial robustness testing of agent behaviours and LLM outputs.
Python LangGraph Multi-Agent GitHub GHAS OpenAI / Claude RAG / ChromaDB
GitHub
🌐
Web Matrix
Automated reconnaissance framework supporting early-stage security assessments through network scanning, service enumeration, and web security analysis. Generates structured outputs to accelerate vulnerability discovery and attack surface mapping.
Python Nmap Reconnaissance Web Security
GitHub
🔐
IP Intel Pro
Threat intelligence and OSINT aggregation tool that collects and correlates IP reputation, geolocation, and abuse data from 7+ sources (VirusTotal, AbuseIPDB, AlienVault OTX, and more). Supports reconnaissance, contextual risk analysis, and security investigations.
Python Threat Intel OSINT VirusTotal
GitHub
🛡️
Secure Release
Python-based security automation framework for SAST, secret scanning, dependency analysis, and API vulnerability detection. Integrated into CI/CD workflows for continuous security assessment and risk prioritisation during release cycles.
Python DevSecOps CI/CD SAST
GitHub
🦀
Black Hat Rust
Collection of offensive security programs written in Rust — exploring memory-safe systems-level red team tooling and low-level exploitation techniques with a focus on modern adversarial tradecraft.
Rust Offensive Security Red Team
GitHub
📊
GitHub Security Reporter
Enterprise-grade automation platform that transforms raw GitHub Advanced Security data into structured, multi-format security intelligence reports (Excel, PDF, HTML) for security teams and governance stakeholders.
Python GitHub API Security Reporting
GitHub
📡
Telegram Scrapper
OSINT scraping tool that extracts user info, channel/group data, and chat history from Telegram in structured CSV format for intelligence-gathering workflows and threat analysis.
Python OSINT Telethon
GitHub
⚔️
Exploit Research & PoC Development
Ongoing research into memory corruption, logic flaws, and exploitation techniques. Builds proof-of-concept exploits and payloads to validate real-world impact. Extends into AI/ML model exploitation, adversarial machine learning, and LLM vulnerability discovery.
Exploit Dev Vuln Research AI/ML Security
GitHub
View All Repositories

// 05. education & certifications

Knowledge Base

Post Graduate Diploma in Cyber Defence
Vinoba Bhave University
2024
Bachelor of Engineering – Computer Science
University of Mumbai
2001
ITIL v3 Foundation
Certified Blockchain Architect
OffSec Certifications — In Progress

// 06. contact

Let's Collaborate

Open to AI red team engagements, offensive security collaborations, LLM security research discussions, and DevSecOps consulting. If you're building something that matters in AI or security — let's talk.

LinkedIn santosh-susveerkar GitHub alien-c0de Portfolio alien-c0de.github.io
Available for AI Red Team Engagements & Offensive Security Collaborations