Jascha's README.md
I'm a technologist with over 30 years of experience building secure, scalable systems at the intersection of AI, cybersecurity, and cloud infrastructure. Currently focused on developing next-generation AI security solutions.
Current Work
I'm building the future of AI security at ThirdKey, where we're creating next-generation AI systems for enterprise security and automation. Our research explores the intersection of artificial intelligence, cryptography, and defensive security.
Active Projects
Symbiont An AI-native, privacy-first programming language and agent framework for autonomous, policy-aware software development. symbiont.dev
SchemaPin A cryptographic protocol that ensures tool schema integrity for AI agents, preventing "MCP Rug Pull" attacks by enabling developers to sign schemas and clients to verify them. schemapin.org
AgentPin An open registry and verification protocol for AI agent identity. agentpin.org
ToolClad Declarative .clad.toml manifests that define typed parameters, command construction, output parsing, and policy metadata for AI agent tools. The LLM fills parameters — the executor validates and constructs commands. toolclad.org
TrustVer Provenance-aware versioning for AI-era software. Know how much effort an update requires, who or what wrote it, and what verification was applied. trustver.org
Security Research
My recent work focuses on AI system security, exploring both offensive and defensive perspectives:
AgentNull A comprehensive AI System Security Threat Catalog with proof-of-concepts demonstrating security considerations for Agents, MCP, and RAG systems.
VectorSmuggle Research into covert channels using vector embeddings, demonstrating data exfiltration techniques within legitimate RAG operations to help security teams build better defenses.
HarmonyDagger A security-focused system including CLI, API, and deployment tooling.
Professional Background
Throughout my career, I've focused on:
- AI Security & Research — Developing secure AI systems and identifying vulnerabilities
- Cloud Architecture — Designing and implementing large-scale infrastructure on AWS and hybrid environments
- DevOps & Automation — Building CI/CD pipelines and infrastructure-as-code solutions
- Cybersecurity — Offensive and defensive security, threat modeling, and security architecture
Organizations
- ThirdKey — AI Security Research & Development
- RoshiGroup — Technology Consulting
- Tarnover — Infrastructure & Security