Threat-intelligence platforms
Production pipelines that turn raw reporting into structured, queryable intelligence: ranked, deduplicated, and stitched into evolving stories.
I design AI systems for threat intelligence.
I design and ship AI systems that turn noisy external reporting into structured, verifiable threat intelligence, and the multi-agent workflows analysts use to query it.
Agentic workflows
Multi-step LLM systems where planning, retrieval, formatting, and validation are separated on purpose.
Schema-first AI outputs
Typed contracts and verification layers replace brittle happy-path prompting, so every downstream stage consumes structure.
End-to-end ownership
Workflow design, data modeling, cost control, observability, and the analyst interfaces that consume the output.
HOW I WORK
Built around structure, verification, and operational clarity.
Signal to structure
Turning unstructured reporting into normalized entities, clusters, timelines, and analyst-ready intelligence.
Agentic orchestration
Designing multi-step LLM workflows where planning, retrieval, formatting, and validation are separated on purpose.
Reliability by design
Using schema-first outputs, verification loops, and bounded repair paths instead of brittle happy-path prompting.
Production ownership
Building with cost control, observability, deployment discipline, and downstream consumers in mind from the start.
CASE STUDY 01
AI-First CTI Pipeline
A per-item state-machine pipeline that ingests external cybersecurity reporting, runs schema-first AI enrichment, clusters and links stories across days, and ranks them by a 7-signal importance score.
Open case study →
CASE STUDY 02
Agentic CTI Investigator
An investigation system built on a reasoning router that emits a typed execution plan, a parallel step DAG, and declarative skill packs, producing grounded answers, reports, and proactive briefings.
Open case study →