CISSP  ·  CAISP  ·  CVE Author  ·  Published Researcher

Vijay Tikudave


Cybersecurity professional with 10+ years of progressive experience across Telecom, BFSI, and Technology sectors. Expert in application security, AI/ML threat modeling, and adversarial red teaming. Author of AgentWars — peer-reviewed AI security research, Zenodo 2026. Recognised by Apple · Google · Mozilla. Currently AVP at Citi India.

10+ Years Exp. · 8 CVEs Published · 3 Hall of Fames · Top Certs: CISSP, CAISP

Profile Summary

Cybersecurity professional with 10+ years of progressive experience across Telecom, BFSI, and Technology sectors. Proven expertise in vulnerability management, secure design reviews, and DevSecOps practices.

Skilled in OWASP Top 10, threat modeling (STRIDE), and application security testing. Hands-on experience with Python automation, SAST/DAST tooling, and CI/CD security integration across enterprise environments at scale.

Expanding domain expertise into Security Architecture and AI/ML Security — LLM threat modeling, adversarial ML defenses, agentic AI security, and secure AI pipeline design. Author of AgentWars (Zenodo DOI: 10.5281/zenodo.20311618) — an open-source benchmark evaluating security gateways against rogue LLM agents. Holds CAISP, one of the first in the domain. Recognised by Apple, Google, and Mozilla with multiple CVEs.

profile.sh — vijay@0ffsecninja
~$ cat profile.json
role: AVP – Sr. VA Analyst @ Citi India
status: ● ACTIVE
certs: CISSP · CAISP · AWS-Sec
focus: AppSec · AI/ML Sec · Red Team · Arch
sectors: BFSI · Telecom · Tech
education: B.E. CS — Mumbai Uni

Skills & Expertise

Application Security
OWASP Top 10 · SANS Top 25 · Secure SDLC · Threat Modeling · STRIDE · DREAD · Secure Code Review · VA/PT
AI / ML Security
LLM Red Teaming · Prompt Injection · Agentic AI · OWASP LLM Top 10 · Adversarial ML · MCP Security · MITRE ATLAS · NIST AI RMF
Security Architecture
Zero Trust · Cloud-native · Microservices · API Gateway · BFSI Design · Telecom Sec · Risk Architecture
Cloud Security
AWS Security Specialty · Azure AZ-500 · Multi-cloud · ScoutSuite · Pacu · Docker
DevSecOps
CI/CD Security · SAST/DAST · Shift-Left · OSSTMM · SonarQube · Semgrep
Red Teaming & Automation
Burp Suite · Metasploit · Nmap / Nessus · SQLmap · Python · LangGraph · Kali Linux
Technical Toolbox
AI / ML Security
Garak · Modelscan · LangGraph · OpenRouter · MCP · MITRE ATLAS · NIST AI RMF
Web & Network
Burp Suite · ZAP · AppScan · SQLmap · Nmap · Nessus · Metasploit
Code & SAST/DAST
SonarQube · IBM AppScan · Semgrep · Java · Python
Frameworks
OWASP Top 10 · OWASP LLM · MITRE ATT&CK · NIST CSF · OSSTMM

Professional Experience

Oct 2023 – Present
AVP – Sr. Vulnerability Assessment Analyst
Citi India
Lead end-to-end VA & penetration testing for HR tech platforms and internal applications across global programs. Conduct threat modeling sessions (STRIDE) and secure coding workshops for engineering teams. Perform security architecture reviews advising on Zero Trust and cloud-native controls. Expanding scope into AI/ML security — evaluating LLM risk exposure, prompt injection surfaces, and agentic AI tool-execution risks for GenAI initiatives.
STRIDE · Zero Trust · AI/ML Security · VA/PT · Security Architecture · GenAI Risk

Feb 2020 – Oct 2023
Team Lead – Cybersecurity Testing
Amdocs
Delivered security assessments for major telecom clients across web, API, and cloud environments. Integrated DevSecOps practices in CI/CD pipelines using OSSTMM methodology, reducing vulnerability leakage into production. Mentored a global delivery team, improving assessment quality and security maturity. Contributed to security architecture input for client platform redesigns at telecom-grade standards.
DevSecOps · OSSTMM · Telecom Security · Team Lead · CI/CD

Jun 2018 – Jan 2020
Consultant – Cybersecurity
Ernst & Young (EY)
Performed security testing for corporate and personal banking platforms across web and mobile channels. Conducted source code reviews and penetration tests for ATM & BASE24 systems in highly regulated banking environments.
Banking Security · Source Code Review · Mobile Security · ATM / BASE24

Dec 2015 – May 2018
Security Analyst – Information Security
Atos Syntel Ltd.
Executed network and cloud security assessments for a global financial services firm. Identified vulnerabilities across routers, switches, and firewall environments; delivered actionable remediation guidance to operations teams.
Network Security · Firewall · Cloud Assessment · Financial Services

Research & CVEs

ZENODO · MAY 2026
Published Research
AgentWars: Can AI Stop AI? Benchmarking Security Gateways Against Rogue LLM Agents
Designed and open-sourced AgentWars — a benchmark where an offensive LLM agent attempts data exfiltration, file corruption, and privilege escalation in a sandboxed environment, while a defensive security gateway attempts to stop it in real time. Zero exfiltration across all 18 gateway-enabled runs (25 battles, 5 model pairings, 3 attack scenarios). Discovered gateway-awareness poisoning — a novel attack surface (RI = 0.868, context corruption persisting 31 consecutive reasoning steps). Introduced three novel evaluation metrics: Reasoning Integrity Score, Context Poison Steps, and Adaptive Resilience.
Reasoning Integrity Score · Context Poison Steps · Adaptive Resilience · Gateway-Awareness Poisoning
LangGraph · GPT-4o · Claude 3.5 · DeepSeek R1 · Llama 3.3 70B
Featured Project — Open Source
AI Security Gateway — Dual-Mode LLM + MCP Security System
github.com/etho0/ai-security-gateway
Python · Streamlit · MCP · OpenRouter · NVIDIA Nemotron · Claude 3.5 Haiku
Built a dual-mode AI security gateway protecting against prompt-layer attacks (injection, jailbreaks) and AI tool execution risks via the Model Context Protocol (MCP). Engineered an MCP Security Policy layer that intercepts every Claude-emitted tool call before execution, enforcing path rules, a 14-tool allowlist, traversal detection, and LOW/MEDIUM/HIGH/CRITICAL risk scoring. Implemented a hybrid prompt guard: instant regex → Nemotron LLM reasoning → graduated BLOCK/WARN/ALLOW decisions.
MCP Security Policy · Prompt Injection Defence · Tool-Call Interception · Blast-Radius Scoring
Published CVEs & Coordinated Disclosures
CVE-2021-23972 MEDIUM
HTTP Auth Phishing Protection Bypass
Bypassing phishing prevention on HTTP auth prompts, enabling credential harvesting.
Mozilla Firefox
CVE-2021-2735 MEDIUM
Insecure Session Termination
Session tokens not properly invalidated on logout, allowing credential reuse.
Telegram Desktop
CVE-2021-44230 HIGH
Security Flaw — Burp Suite Enterprise
Vulnerability affecting enterprise security testing deployments at scale.
PortSwigger / Burp Suite
CVE-2020-17448 HIGH
One-Click File Execution Protection Bypass
Bypassing Telegram Desktop's file execution protection on Windows.
Telegram for Windows
CVE-2020-12474 MEDIUM
IDN Homograph Spoofing via Chat URLs
Internationalized domain homograph attack through chat URLs and deep links.
Telegram
CVE-2020-10570 MEDIUM
Passcode Bypass via Feature Conflict
Conflicting feature interaction exploited to bypass passcode authentication.
Telegram
CVE-2019-3962 MEDIUM
Content Injection / UI Spoofing
Content injection enabling spoofing of interface elements in Nessus scanner.
Tenable Nessus
HOF — GOOGLE VERIFIED
Android Application Vulnerability
Responsibly disclosed vulnerability in Google's Android application ecosystem.
Google Security Hall of Fame
Security Hall of Fame
Apple — Hall of Fame (2021)
Google — Hall of Fame (2020)
Mozilla — CVE-2021-23972

Certifications & Credentials

🏆
CISSP
Certified Information Systems Security Professional · ISC²
Credly Verified
🤖
CAISP
Certified AI Security Professional — Among first in domain
Credly Verified
☁️
AWS Security – Specialty
Amazon Web Services
Credly Verified
🔷
Azure Security Engineer
Microsoft AZ-500
Credly Verified
🏗️
AWS Solutions Architect Associate
Amazon Web Services
Credly Verified
☁️
AWS Cloud Practitioner
Amazon Web Services
Credly Verified
⚔️
CEH
Certified Ethical Hacker · EC-Council

Get In Touch

Open to advisory roles & research collaboration

Open to security advisory engagements, AI/ML security research collaboration, and senior leadership opportunities in offensive and defensive security.
