Neural Alchemy — AI Security
Sanskar Jajoo
AI Security Engineer · LLM Evaluation Systems · Autonomous Red-Teaming
Self-taught, building since March 2025. I design and ship the tools that test whether LLM systems actually hold up under attack — prompt injection firewalls, autonomous red-teaming loops, and CI/CD-style safety regression testing. Based in Raipur, India. Open to remote roles and freelance security work.
11,000+
PromptShield PyPI installs, 5 months
32,000
Adversarial samples published on Hugging Face
3
Self-published research papers on autonomous evaluation
projects / promptshield.py
+11,240 installs
PromptShield v3.1pip install promptshields
public · pypi
Production AI security firewall for LangChain, CrewAI, and LiteLLM — blocks prompt injection and data exfiltration before it reaches your model or your users.
Sub-millisecond initial scan via Bloom Filters + Aho-Corasick, before any ML inference runs
Lightweight Mixture-of-Experts backend (SVM + Linear Regression + Random Forest) catches semantic bypasses heuristics miss
Bidirectional engine — checks the response side too, catching PII leakage and cryptographic canary tokens, not just the input
11,000+ installs in 5 months · 810/month organic, with no new release in that window
projects / safetydiff.py
+new · v1.0
SafetyDiff v1.0pip install safetydiff
public · pypi
The "git diff" for model safety posture — a CI/CD-style regression tool that tells you exactly what got safer or riskier between model versions.
Classifies every safety-run change as Newly Broken, Newly Fixed, or Stable Failure, per attack category
Modular IPI test layers (Email, WebSearch, JSONPayload) stream ASRT-generated datasets automatically from Hugging Face
Deterministic alignment algorithm matches multi-dimensional JSON safety records by attack_id for reproducible diffs
Built for teams switching or fine-tuning models — e.g. verifying Qwen 2.5 → GPT-4o didn't regress on safety
projects / asrt_core.py
access restricted
ASRT — Automated Safety Red-Teaming Loopthe engine behind everything above
private · proprietary
An autonomous attack → execute → judge pipeline that builds its own datasets and improves its own judge over time. Kept closed — it's capable of executing real attacks, and that's not something to open-source casually.
Mass attack harvester mutates inputs via GCG and AutoDAN across 27 threat categories, no human review per sample
Indirect Prompt Injection module embeds payloads in HTML, JSON, email, and document formats to test tool-using agents
4-tier Mixture-of-Experts judge — rule-based → BERT classifier → local LLM → frontier fallback — balances speed, cost, accuracy
Judge Flywheel: edge-case failures feed back into the judge automatically — this is the self-improving loop
Research foundation for this system is public — see publications.bib below
projects / one_context.py
+oss · mcp
one-contextpip install one-ctx
public · pypi
A local MCP server that gives every AI coding tool — Claude, Cline, Codex, Antigravity — shared, persistent memory of a project. No cloud, no API keys.
Organizes project knowledge into WHAT / DONE / NOW / MAP buckets, read and written by any connected MCP client
Git-aware context injection — surfaces current branch, recent commits, and file status on every load
skills.json
{
"security": ["GCG", "AutoDAN", "PAIR", "TAP", "direct + indirect prompt injection", "OWASP LLM Top 10", "RAG poisoning", "LLM-as-judge"],
"ml_engineering": ["PyTorch", "Transformers", "PEFT", "scikit-learn", "AsyncIO", "FastAPI", "Docker"],
"llm_ecosystem": ["Anthropic API", "OpenAI API", "Hugging Face", "LiteLLM", "Ollama", "LangChain", "MCP"],
"practices": ["PyPI packaging", "CI/CD", "automated regression testing", "Bloom filters", "Aho-Corasick"]
}
publications.bib
self-published · zenodo
contact.md
Let's talk about your model's blind spots.
Open to remote AI security roles and freelance red-teaming / evaluation work. Based in Raipur, India — happy to work across time zones.