In November 2022, the sudden rise of Generative AI captured the world's attention. Like millions of others, I was fascinated by its capabilities. However, as a cybersecurity professional with 15 years in tech—including 9 years dedicated to penetration testing—my excitement was immediately accompanied by critical questions: What are the systemic risks of this technology? How does it impact data privacy and security? And how do we secure it?
Driven by curiosity and a sense of responsibility, I decided to pivot my expertise toward this new frontier. Replicating the exact "Open Learning" methodology I successfully used years ago to teach myself ethical hacking (documented in my Open Learning Program), I built a rigorous, self-directed curriculum from scratch.
I intertwined academic research papers, specialized professional training, and extensive hands-on laboratory testing. This structured deep dive culminated in real-world AI security contributions, leading me to develop the first comprehensive framework specifically dedicated to AI/ML penetration testing on Android applications.
First Comprehensive AI/ML Android Pentesting Framework: Developed a structured methodology mapping traditional mobile application security threats to modern client-side AI integration risks.
Mobile Pentesting, Methodology Mapping, Android Security, AI/ML
Hands-on Build Your Own APK Triage MCP Server: The objective is to guide participants through building a custom MCP server from scratch using Python to automate mobile application security testing.
The lab aims to reproduce real-world case scenarios where traditional static analysis bottlenecks are resolved by turning local security tools into callable functions for LLM reasoning engines.
This setup exposes functional API endpoints to Claude Desktop, enabling an AI agent to programmatically orchestrate multi-tool analysis pipelines and deliver a complete APK triage report in under five minutes.
Python Automation, MCP Server Build, LLM Orchestration, Static Analysis
Hands-on - Adversarial Example, Image Classifier Bypass
The lab bridges the gap between theoretical AI vulnerabilities and real-world security implications, focusing heavily on how these flaws can be exploited to bypass AI-driven controls in Android applications (such as face unlock, biometric authentication, and content moderation).
Through practical execution and critical reflection, participants will analyze model robustness across varying perturbation thresholds and discuss methodologies for testing Android applications against adversarial exploits during penetration testing engagements.
Hands-on - VerifID - Evasion Attack
The objective is to guide participants through executing an evasion attack against an authentication or identification AI model extracted directly from an Android APK application.
By bridging the gap between mobile application reverse engineering and adversarial machine learning, this lab demonstrates how local model extraction exposes on-device AI assets to black-box or white-box evasion techniques.
Evasion Attacks, Model Extraction, Reverse Engineering, On-Device AI Security
Hands-on - MediAssist - Training Data Exposure
The objective is to place participants in the role of a mobile pentester evaluating MediAssist, an AI-augmented medical assistant mobile application.
The lab explores Training Data Exposure (OWASP AITG-DAT-01).
This lab specifically aims to reproduce real-world case scenarios where organizations inadvertently package non-production assets into mobile apps, allowing participants to experience the exact discovery process an attacker would use.
Training Data Exposure, Asset Reconnaissance
Hands-on - Forensic Audit of "RecruitSmart" Android App
The objective is to place participants in the role of a Forensic AI Auditor tasked with investigating a regulatory non-compliance scenario.
The exercise closely reproduces real-world legal and intellectual property breach scenarios where companies are suspected of training commercial AI algorithms on stolen or unauthorized datasets.
Forensic AI Auditing, Compliance Verification, Dataset IP Auditing
Hands-on - TasteBot - Runtime Exfiltration
The objective is to simulate an advanced, runtime-based pentest against TasteBot, a multi-tenant B2B SaaS platform used by restaurant chains to provide AI-driven dietary recommendations.
The lab aims to reproduce real-world case scenarios where inadequate multi-tenant isolation, unsafe caching mechanisms, and excessively verbose logging expose highly sensitive data to unauthorized tenants.
Interactions with the vulnerable system are performed directly through its REST API, allowing participants to observe how flaws are exposed across different network endpoints.
Hands-on - FinAI - Model Inversion Attack
The objective is to guide participants through executing a confidence-based Model Inversion Attack (MIA) against a client-side credit scoring model extracted from FinAI Advisor, a mobile fintech application.
The lab replicates real-world privacy breach scenarios where proprietary or highly regulated training data patterns are leaked.
Participants operate as authorized security researchers, first using static reverse-engineering tools to extract an unencrypted TensorFlow Lite asset from the application packages.
Model Inversion Attack (MIA), Data Privacy Breach, TensorFlow Lite Extraction
Hands-on - SaggioUrbano - Hallucinations
The objective is to place participants in the role of an AI security consultant conducting a black-box reliability assessment of SaggioUrbano AI, a mobile-first travel assistant chatbot for the city of Rome.
The lab aims to reproduce real-world case scenarios where LLMs inadvertently generate authoritative yet completely false, fabricated, or misleading information.
Operating entirely through the application's chat interface, participants perform application-layer factuality probing to isolate six distinct categories of AI vulnerabilities, ranging from fabricated business entities and phantom academic references to a systematic failure to debunk false user premises.
Created for my course for Master's students at SupDeVinci
Hands-on - APK Security Analyzer
The objective is to guide students through building an automated, AI-driven static analysis pipeline inside a local Python environment to conduct mobile application security assessments.
The exercise replicates real-world DevSecOps and pre-pentest automation scenarios where massive static datasets must be triaged efficiently before manual testing begins.
Participants implement multi-stage orchestration scripts to systematically run binary extraction tools against a deliberately vulnerable Android application.
The system extracts high-risk security indicators (insecure manifest configurations, exposed intents, hardcoded vendor credentials, weak cryptographic operations, etc.) and formats them into structured contexts fed into a local LLM client, which compiles a final, priority-ranked pre-pentest markdown report.
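As an added illustration of the first stage of such a pipeline (example code written for this page, not the course's own analyzer), the function below parses a constructed AndroidManifest.xml, extracts indicators such as debuggable builds, cleartext traffic and exported components lacking a protecting permission, and flattens them into the priority-ordered context block that would be handed to the LLM client. The sample manifest, finding identifiers and severity tiers are assumptions chosen for the demonstration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not from any real app) carrying several weak settings.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <provider android:name=".DataProvider" android:exported="true" android:authorities="com.example.demo.data"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
  </application>
</manifest>"""

def triage_manifest(xml_text: str) -> list:
    """Return structured findings (id, severity, component, detail) from an AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    findings = []
    # Application-wide flags that weaken the whole app.
    for attr, sev in (("debuggable", "HIGH"), ("usesCleartextTraffic", "MEDIUM"), ("allowBackup", "LOW")):
        if app is not None and app.get(ANDROID_NS + attr) == "true":
            findings.append({"id": f"APP_{attr.upper()}", "severity": sev,
                             "component": "application", "detail": f"android:{attr}=true"})
    # Components other apps can reach: exported, not permission-protected, not the launcher entry.
    for comp in ("activity", "service", "receiver", "provider"):
        for el in root.iter(comp):
            exported = el.get(ANDROID_NS + "exported") == "true"
            protected = el.get(ANDROID_NS + "permission") is not None
            launcher = any(a.get(ANDROID_NS + "name") == "android.intent.action.MAIN" for a in el.iter("action"))
            if exported and not protected and not launcher:
                findings.append({"id": f"EXPORTED_{comp.upper()}",
                                 "severity": "HIGH" if comp == "provider" else "MEDIUM",
                                 "component": el.get(ANDROID_NS + "name"),
                                 "detail": "exported without android:permission"})
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])  # stable sort keeps discovery order per tier

def to_llm_context(findings: list) -> str:
    """Flatten findings into the compact, priority-ordered text block handed to the LLM client."""
    return "\n".join(f"- [{f['severity']}] {f['id']} {f['component']}: {f['detail']}" for f in findings)

if __name__ == "__main__":
    print(to_llm_context(triage_manifest(SAMPLE_MANIFEST)))
```

The launcher activity and the permission-protected service are deliberately left out of the findings, so the context passed to the model contains only indicators that merit manual follow-up.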
Training Chatbot
This tool provides students with an interactive AI tutor designed for self-paced review of the Android application pentest course material.
The objective is to move away from passive reading by enabling students to ask direct questions about concepts they did not fully understand during the course, allowing them to clarify complex topics at their own pace.
Educational Technology, Interactive Learning
Speaking Engagements
DEF CON (August 2025)
Title: Traditional Pentest Meets AI: New Challenges in Android Security
Abstract: This presentation explores the evolving landscape of Android application security testing as artificial intelligence becomes increasingly integrated into mobile devices. The talk bridges traditional penetration testing methodologies with emerging AI-specific security challenges, providing practitioners with updated frameworks and tools for comprehensive Android security assessments.
InCyber Talk (October 2024)
Title: AI Pentesting vs. Traditional Pentesting: What's Different?
Abstract: Join us for a deep dive into how AI pentesting methodologies differ from traditional approaches. Discover the key differences, new challenges, and why adapting your approach to AI security is crucial.
🧠 Skills & Core Competencies
By combining my heavy background in traditional offensive security with advanced Generative AI architectures, I have developed a specialized skill set:
AI/LLM Penetration Testing: Identifying and exploiting vulnerabilities specific to Large Language Models, including prompt injection, data poisoning, and insecure output handling.
Mobile AI/ML Security: Auditing Android applications embedding on-device machine learning models or interacting with cloud-based AI agents.
AI Red Teaming: Simulating adversarial attacks against AI systems using structured roadmaps (MITRE ATLAS, OWASP).
Defensive Alignment & Prompt Engineering: Understanding model constraints, defensive prompt design, and automated task scripting.
Durable Skills Mastery: Beyond technical skills, my growth follows a strict Durable Skills Wheel philosophy focusing on adaptability, critical thinking, continuous learning, and cross-functional communication.
🛠️ Research Frameworks & Global Standards
My training program, strategy, and security methodologies are grounded in the latest global research, workforce trends, and AI safety frameworks: