Research map

Subject Areas

The map is intentionally narrow: adversarial AI systems, understood through software engineering, security, distributed systems, privacy, and infrastructure.

Primary pillar

AI Agent Security

Where does an AI agent's authority actually live? This track studies goal hijack, tool misuse, direct and indirect injection, identity abuse, memory poisoning, plan-of-thought backdoors, and cascading agent failures.

  • Mixed-trust context and instruction authority.
  • Tool permissions, secrets, identity, and least privilege.
  • Persistent state integrity across sessions and agents.

Foundational layer

Transformer Foundations

How do modern AI models compute before they act? This track moves from tokenization and embeddings to attention scores, positional encoding, representation mixing, long context, and retrieval.

  • Self-attention versus recurrent sequence modeling.
  • Attention as routing, retrieval, and representation mixing.
  • Why model mechanics matter for agent behavior.

Comparative lens

Smart Contracts and Agents

Smart contract security offers a useful but imperfect lens for AI agents: adversarial execution, capability limits, reentrancy-like loops, invariants, incentives, and formal reasoning under attack.

  • Autonomous behavior in hostile environments.
  • Capability control for wallets, APIs, tools, and contracts.
  • Where formal methods help and where agents resist them.

Infrastructure layer

Distributed and Cloud-Native Systems

Multi-agent systems are distributed systems with probabilistic nodes. This track covers Kubernetes isolation, AWS IAM, network policy, observability, consensus analogies, and cascading failure.

  • Agent workloads as isolated infrastructure components.
  • Network and identity boundaries around tools.
  • Logs, traces, evals, state, and cost as one observability problem.