> security engineer

Antonio Karam

Security engineer working on zero-day vulnerabilities and AI security automation.

My work revolves around critical vulnerability research, risk modeling, remediation guidance, and AI automation.

// About

I am a security engineer working on critical and emerging vulnerabilities. I find and analyze zero-day vulnerabilities, reproduce exploits, trace root cause through source code, and test enterprise products and patches adversarially to find bypasses. I also develop tooling that vulnerability response relies on. Most recently, I built an AI-enabled internal security automation platform across backend, frontend, cloud infra, and CI/CD, alongside scalable autonomous AI agents and MCP servers that triage and score vulnerabilities.

B.S. Computer Engineering · University of Notre Dame · Magna Cum Laude

// What I Work On

01

AI-Enabled Security Automation Platform

An internal security automation platform for vulnerability management throughout the lifecycle.

  • Designed and built backend, frontend, cloud infra, and CI/CD components.
  • Built AI validation workflows using prompt engineering, evaluation pipelines, and output guardrails.
  • Reached up to 98.2% accuracy on the tuned validation fields.

React · Node.js · OCI · Jenkins · Docker · Prompt Engineering · Evaluation Pipelines

02

Autonomous Scoring Agents and MCP Tooling

Scalable autonomous agents and MCP servers that automate the triage and scoring of vulnerabilities.

  • Built an agent that scores vulnerabilities on its own at roughly 92% accuracy, replacing an estimated 2,000+ hours of manual scoring.
  • Built MCP servers and agent skills that let AI tools query security data and review findings.
  • Scaled the agent infrastructure to handle high volumes of findings.

AI Agents · MCP · LLM Evaluation · Agent Harness · Automation

03

Zero-Day Research and Patch Validation

Finding and validating critical vulnerabilities in enterprise products.

  • Discovered zero-day vulnerabilities through black-box, gray-box, and white-box red-team engagements against enterprise products.
  • Validated and analyzed vulnerabilities by reproducing exploits and tracing root cause through source code.
  • Tested products and patches adversarially to find bypasses and provide remediation guidance to product teams.
  • Consolidated and prioritized surges of incoming vulnerability reports, aligning development and security teams on the highest-impact fixes.

Vulnerability Research · Red Teaming · PoC Development · Source Analysis · Patch Validation

04

Rapid Exposure Analysis for Emerging Vulnerabilities

Fast exposure analysis when a critical vulnerability goes public.

  • Reverse-engineered public exploits and built proof-of-concept code for concrete risk assessment.
  • Tracked exploit activity, mitigations, and IoCs as they developed.
  • Delivered exposure assessments that product and security teams used to prioritize response.

Exposure Analysis · Reverse Engineering · Threat Intelligence · IoCs · PoC Development

// Public Projects

FreeCell Reverse Engineered AI Agent

Reverse engineered Windows XP FreeCell using static and dynamic analysis. Implemented AI search algorithms to find an optimal win strategy.

LLM Cybersecurity Knowledge Evaluation

Evaluated cybersecurity knowledge of LLMs against questions from CompTIA Security+, CISSP, and OSCP.

Encryption Utility

Implemented RSA, El Gamal, Elliptic Curve, and CKKS cryptographic schemes using GMP and HEAAN in C.

// Skills

Security Analysis

Vulnerability AssessmentZero-Day ResearchRed TeamingExploit ReproductionRoot Cause AnalysisPatch ValidationRemediation ReviewRisk ModelingExposure AnalysisCVSS

Security Tooling

PythonJavaScriptTypeScriptNode.jsReactJavaREST APIs

Cloud & Delivery

OCIDockerJenkinsCI/CDAnsibleLoad BalancersMonitoringLogging

AI for Security Operations

Prompt EngineeringFew-shot PromptingEvaluation PipelinesLLM EvaluationRAGAI AgentsMCPWorkflow AutomationGuardrails

Research & Systems

Source Code AnalysisStatic AnalysisDynamic AnalysisNetworkingReverse Engineering

// Archive

[ + ]

Earlier academic and personal work.

kalshi-kit

Open-source Python toolkit for building, paper-testing, and analyzing trading strategies on Kalshi prediction markets. REST + WebSocket clients with RSA-PSS auth, paper broker simulating fills from live orderbook updates, DuckDB session capture, and lag-correlation diagnostics.

Beating the Bookmakers

Ensemble voting binary classifier (Random Forest, Gradient Boosting, Neural Networks) predicting NFL game winners. 0.831 F1 / 0.884 AUC.

NavigAIte

AI-powered itinerary planner using LLMs for dynamic travel plans with real-time bookings, mapping, and calendar sync.

Linear Feedback Shift Register Chip

8-bit LFSR chip in Verilog. Won the Google-sponsored eFabless GF180nm shuttle. Passed Multi-Project Wafer and Tapeout tests.

Semiconductor Diode Laser Research

Multi-input parallel test-bed software with GUI for semiconductor laser data acquisition and long-term parameter tracking in Python.

Dunne Hall Website

Built, deployed, and managed dunnehall.com.

Music & Happiness

Spotify user trends correlated with happiness index, education, and GDP by country over time.

Storage Finder

Tool for researchers to identify appropriate data storage given visibility, scale, and compliance constraints.

Peer to Peer File Sharing

Server/client programs for peer-to-peer data exchange using fundamental networking principles.

Multithreaded HTTP Client/Server

Parallel HTTP client and Pub/Sub server with channels in Python, Bash, and C/C++.

Operating Systems Fundamentals

Process Scheduler (FIFO, Round Robin), Heap Management (malloc, calloc), and File System (Unix) in C/C++.

// Contact

For work inquiries, collaboration, or interesting security problems, feel free to reach out.