Head of Threat Research · Agentic AI Security & Decision-Rights · AI SOC + OT/ICS · SecOps · Board Member
Working on the architectural floor for AI agents that take irreversible actions. The thesis in one line: investigation is reversible, actuation is not, and the gate for the write side has to be code the agent cannot reach, evaluating a manifest the agent cannot rewrite.
Three primitives carry the architecture:
```
manifest.action_class = "irreversible" // declared upstream by publisher
deterministic.gate = outside_loop // code the agent cannot reach
worst_case.chain_rule = governs_chain // composed actions inherit the worst class
```
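
A minimal sketch of how the three primitives fit together, added here as an illustration and not taken from the reference implementation this page describes. The class names follow the four-class taxonomy named further down the page; the tool names, the manifest layout, the fail-closed handling of unknown tools and the approval policy are assumptions.

```python
import json
from enum import IntEnum
from types import MappingProxyType

class ActionClass(IntEnum):
    # The page's four-class reversibility taxonomy, ordered least to most severe.
    READ_ONLY = 0
    REVERSIBLE = 1
    EXTERNAL_REVERSIBLE = 2
    IRREVERSIBLE = 3

# Constructed publisher manifest; tool names and layout are hypothetical.
MANIFEST_JSON = """{"tools": {
  "search_logs":         {"action_class": "read-only"},
  "quarantine_host":     {"action_class": "reversible"},
  "send_customer_email": {"action_class": "external-reversible"},
  "wipe_disk":           {"action_class": "irreversible"}
}}"""

def load_manifest(text):
    """Parse the manifest once, outside the agent loop, into a read-only map."""
    tools = json.loads(text)["tools"]
    return MappingProxyType({
        name: ActionClass[spec["action_class"].replace("-", "_").upper()]
        for name, spec in tools.items()
    })

def chain_class(manifest, chain):
    """Worst-case chain rule: the chain takes the most severe class of any step.
    Only step["tool"] is read; any class the agent claims is ignored.
    Assumption: a tool missing from the manifest fails closed as IRREVERSIBLE."""
    return max((manifest.get(step["tool"], ActionClass.IRREVERSIBLE)
                for step in chain), default=ActionClass.READ_ONLY)

def gate(manifest, chain, approved_by=None):
    """Return (allowed, chain_class). Assumed policy: an irreversible chain
    needs an approver identity supplied out of band, never by the agent."""
    worst = chain_class(manifest, chain)
    return (worst < ActionClass.IRREVERSIBLE or approved_by is not None), worst

if __name__ == "__main__":
    m = load_manifest(MANIFEST_JSON)
    plan = [{"tool": "search_logs"},
            {"tool": "wipe_disk", "action_class": "read-only"}]  # agent's claim
    print(gate(m, plan))                         # blocked: chain is irreversible
    print(gate(m, plan, approved_by="ir-lead"))  # allowed with approver
```

The gate reads only the tool name from each step, so a class label injected into the agent's plan has no effect on the decision.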
Twelve-plus years across threat research, AI-driven SOC detection and response, OT/ICS security, cyber-range exercise design, cyber-crime investigation, and web/mobile/application security.
| Project | Status | Scope |
|---|---|---|
| OWASP AISVS | C9.2.6 (manifest-declared action class) + C9.2.7 (worst-case chain rule) merged into C09 research chapter, proposed for v1.01 | |
| OWASP SPVS | V5.6.5 IR decision-rights (PR #14), V1.3.7 NHI runtime decision-rights (PR #15), supply-chain (Issue #13) | |
| OWASP Cornucopia (Agentic AI) | Action-authority taxonomy (Issue #3018) | |
| OWASP GenAI Security Project | Reversibility-graded authority into Agentic AI Threats & Mitigations v1.1 (Issue #13) | |
| CSA NHI v1.0 | Peer review June 2026 | |

Prior OWASP leadership: AppSec India Co-Leader (2016–2020) · OWASP Indore Chapter Leader (2017–2018)

Reference implementation of OWASP AISVS C9.2.6 + C9.2.7: manifest-declared action class, deterministic gate, worst-case chain rule. JSON schema + Python.

NHI runtime decision-rights companion to OWASP SPVS V1.3.7. Identity provenance verification, token freshness, action-class authorization.

The full architectural reference. 18 chapters across 5 parts (Problem / Architecture / Standards Anchor / Applied Patterns / Implementation) + closing. Develops the four-class reversibility taxonomy (read-only / reversible / external-reversible / irreversible), manifest-declared classification, worst-case chain rule, and the architectural floor that makes the gate resistant to prompt injection. Anchored in OWASP AISVS C9.2.6 + C9.2.7 (proposed for 1.01, merged into AISVS main 2026-05-27).
Cross-substrate convergence catalog (10 substrates): OWASP AISVS · CSA IAM WG · PieterKas/agent2agent-auth-framework · SANS AI Security Maturity Model · CSA AARM · Identient AuthR · Digital Identity Forum · CSA NHI · James A Bex AI Engineering Handbook · Riddhi Mohan Sharma EHV.
Long-form essays on AI agent security, decision-rights, reversibility-graded authority, and contribution methodology. Three essays published June 2026 (~9,900 words + 7 figures):
- The Decision-Rights Plane: An Architectural Gap in AI Security – the missing primitive at layers 4 and 5
- Investigation Is Reversible. Actuation Is Not. – the read/write architectural fold as design primitive
- What I Learned Contributing Across Five Standards Surfaces – the cross-surface contributor method
- Interview with Mayur Agnihotri – Science Of Cyber Security (Oct 2017)
- Conviction Of Digital Crime – National Cyber Defence eMagazine (Aug 2016)
- PenTest: Penetration Testing in Linux – PenTest Magazine (Mar 2016)
- PowerShell For Penetration Testing – PenTest Magazine (Jan 2016)
- Predictions For Cyber Security in 2016 – eForensics and Hakin9 (Dec 2015)
LDAP server flaw research (Red Hat) and web-application vulnerability disclosures across major brands.
| Role | Org | Period |
|---|---|---|
| Information Security Specialist | StraightArc Technologies | 2020 to present |
| Board Member | SkyVirt | 2017 to present |
| Senior Subject Matter Expert | TCS iON | 2022 to present |
| Board of Studies | Ramachandra College of Engineering | 2023 to present |
| CHFI Item Writer | EC-Council | 2016 to present |
| Director | ARNE Solutions | 2016 to present |
| Technical Committee | Digital 4n6 Journal | 2016 to 2018 |
| Team Member | National Cyber Defence Research Centre | 2016 to 2018 |
Udaipur, India · GMT+05:30
Vendor-neutral standards work. Decision-rights for AI agents, reversibility as the architectural floor, manifest-declared action class as the standards-side answer.
