Selected as a 2025 RSA Security Scholar, representing the intersection of AI security, vulnerability research, and offensive red teaming at one of the world's premier security conferences.
- AI/ML Infrastructure Security: agentic workflow exploitation, RAG hardening, prompt injection, MCP attack surface, model file deserialization, GPU memory corruption
- Offensive Security: adversary emulation, red teaming, fuzzing, symbolic execution, n-day exploit development, kernel research
- Adversarial ML: jailbreaking, attention-head attacks, safety alignment failures, predictive multiplicity (Rashomon attacks)
- Cryptography: LLM-driven CTF generation, JWE/JWT bypasses, authenticated encryption pitfalls
- Cloud Security & DevSecOps: application security reviews, threat modeling, secure SDLC
- Standards & Governance: NIST OLIR, OWASP, ISO/IEC 42001
Original vulnerability research across the AI/ML stack: orchestration, agents, inference engines, tokenizers, model serializers, and security tooling itself.
| CVE | Target | Class | Severity | Notes |
|---|---|---|---|---|
| CVE-2026-33017 | Langflow | Unauthenticated RCE | Critical 9.3 | CISA KEV · Exploited in the wild within 20 hours of disclosure · Federal remediation deadline · GHSA-vwmf-pq79-vjvx |
| CVE-2026-32628 | AnythingLLM | SQL Injection (Built-in SQL Agent) | High | GHSA-jwjx-mw2p-5wc7 · CWE-89 in agentic tool-call surface |
Valid, technically inarguable findings where the vendor declined to assign a CVE (often through a retroactive documentation shield) but where the underlying issue is real, reproducible, and publicly disclosed.
| Target | Finding | Severity | Status |
|---|---|---|---|
| XGBoost (×5) | Heap OOB in tree node access · UBJSON parser memory corruption · Parallel tree double-free · Unsafe pickle.loads() on network data (CWE-502) · Hardcoded 0xff99 magic number as Rabit tracker auth (CWE-798) | Critical / High | Vendor declined ("performance + resourcing"). Full technical writeup published on Medium and LinkedIn. |
| Google sentencepiece | Off-by-4 bounds check in DecodePrecompiledCharsMap enabling OOB read via crafted .model files (UBSan-confirmed) | Medium | Google VRP Report #498463886 · sentencepiece is the tokenizer backbone of Gemma, T5, and PaLM |
| Google sentencepiece | Unvalidated trie values used as piece array indices (heap OOB read, release builds) | High | Google VRP Report #498465599 · Upstream fix landed via PR #1207 |
| vLLM | LoRA adapter SSRF → RCE chain | High | Closed via documentation shield. Public writeup. |
| Body | Contribution | Detail |
|---|---|---|
| NIST | OLIR Catalog Mapping (Live) | First AI security framework mapping in the NIST Online Informative References catalog: OWASP LLM Top 10 v2.0 → NIST CSF 2.0, 169 relationship entries covering 77 of 106 CSF subcategories. Listed Point of Contact on the NIST CSRC website. |
Full speaker profile: sessionize.com/aviral-srivastava
| Conference | Year | Talk |
|---|---|---|
| RSAC 2026 | 2026 | From Prompt to Pager: Preparing for AI-Native Incidents Now |
| ISACA North America 2026 | 2026 | Breaking the Loop: Offensive Testing of RL and Agentic AI Systems |
| CactusCon 14 | 2025 | Agents Under Siege: Live Attacks from RAG to Tool Calls |
| CypherCon 2025 | 2025 | Deceiving the Deceivers: Offensive Security Strategies for Adversarial AI Attacks |
| BSidesSLC 2025 | 2025 | Filling Gaps in AI Governance: How ISO/IEC 42001 Shapes the Future of AI Risk and Compliance |
| BSidesTC 2025 | 2025 | ROP Alchemy: Universal Gadgets via Type Confusion |
| CactusCon 13 | 2025 | Weaponizing AI: Adversarial Attacks, Hallucinations, and the Offensive Security Frontier |
| HOPE XV | 2024 | Invited Talk (details under NDA) |
| BSidesChicago 2024 | 2024 | Hacking Neural Networks: The Hidden Vulnerabilities of AI Systems |
Coverage of CVE-2026-33017 across major cybersecurity publications. Quoted by name as the discoverer in The Hacker News, Help Net Security, Barrack AI, and Cloud Security Alliance research notes.
- The Hacker News: Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Help Net Security: CISA sounds alarm on Langflow RCE after rapid exploitation
- Infosecurity Magazine: Hackers Exploit Critical Langflow Bug in Just 20 Hours
- Sysdig Threat Research: CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
- Cloud Security Alliance: Research Notes (×2) on the Langflow RCE
- Qualys ThreatProtect: CISA Added Langflow Vulnerability to KEV Catalog
- Barrack AI: Langflow Got Hacked Twice Through the Same exec() Call
- InfoSec Today: Critical Langflow Flaw Triggers Attacks within 20 Hours
- HackerNoon: CVE-2026-33017: Unauthenticated RCE in Langflow's Public Flow Endpoint Explained
- CiberSafety: CVE-2026-33017 in Langflow: Critical vulnerability for RCE without authentication
- ZeroDayForge: Full-spectrum adversary emulation and exploit automation framework
- Autonomous n-day Linux Kernel Exploit Pipeline: Mac M1 toolchain (radare2, lldb, Ghidra headless) running RECON → AUTO-PICK → 12-POINT SAFETY GATE → PATCH ANALYSIS → ROOT CAUSE → EXPLOIT STRATEGY → COMPILE VERIFY, producing Exploit-DB-format exploit.c artifacts
- Multi-Agent CVE Hunting Pipeline: Claude Code agent team (Recon · Auditor · Exploiter · Reporter) governed by a 14-rule submission framework and a 4-gate filter (unauthenticated · default config · no doc shield · core feature)
- LLM-Driven Cryptographic CTF Generator: Automated cryptographic challenge generation system (MS Thesis, Penn State)
- Security Engineer (L4): Amazon Ads Security, Sunnyvale, CA (2025 to Present). AppSec reviews, threat modeling, penetration testing, AI/ML security, agentic workflows, prompt injection, RAG hardening
- Security Internships (×6): Malware reverse engineering, secure DevOps, GRC
- Teaching Assistant: Red Teaming, CTFs, Penn State. Led offensive security labs and workshops
- MS in Cybersecurity Analytics & Operations: The Pennsylvania State University. GPA: 4.0 · Research Assistant · RSA Security Scholar. Thesis: AI-Generated Cryptographic CTF Challenges
- BTech in Computer Science: Amity University. Focus: Cryptography, Secure Systems, Network Security
- RSA Security Scholar 2025
- Cybersecurity Innovator of the Year, BSides Bangalore 2023
- ISSN Best International Research Award
- Young Researcher Award
- Speaker: RSAC, ISACA North America, HOPE XV, CypherCon, CactusCon (×2), BSides (×3)
- HackTheBox PRO HACKER: Top 200 Global · US Rank #24 · HTB Profile
"The more they secure, the more we exploit. The future belongs to offensive AI."
