Research & Development Projects
MoM-Python-SLM: Specialized Code-Generation Small Language Model
Jun 2026: Trained the Python node of a "Mixture-of-Models" (MoM) mesh of specialized small language models on Qwen2.5-Coder-1.5B. A two-phase DoRA SFT (r=64, ~4.6% trainable params) over 476K decontaminated instances (CPython docs, Flask/Requests source, issues/PRs, CVEs, and execution-verified synthetic problems) raised HumanEval to 70.7% pass@1 and library/API tasks to 71.4%. A GRPO variant with an execution-verified composite reward (80% sandbox pass/fail) pushed MBPP to 72.5% and spec-driven problem-solving to 76.7%. Shipped as 2 models and an evaluation dataset on Hugging Face.
HMCP: Heimdall Model Context Protocol (Secure MCP Middleware)
Feb 2026: Architected secure middleware for Model Context Protocol (MCP) servers and clients. Implemented a post-quantum Kyber-768/X25519 hybrid Key Encapsulation Mechanism (KEM) integrated into a Noise XX handshake. Built decentralized identifier (DID) identity verification, a 3-tier input sanitizer (homoglyphs, mixed-script, control characters), rate limiting, and semantic similarity guardrails to prevent injection, spoofing, and MITM attacks.
GPL: Graduated Penalty Loss for General Continual Learning
May 2026: Designed a novel loss formulation mitigating catastrophic forgetting in continual learning. Engineered a phase-aware loss strictness scheduler driven by expected output entropy, combined with a Leitner-box retry-escalation mechanism. Evaluated across TAMU HPRC clusters using synthetic datasets and GLUE benchmarks on BERT/GPT-2.
DepScan: Hybrid Dependency Upgrade Analysis Engine
Mar 2026: Built a hybrid dependency upgrade analysis engine in Go combining native AST structural call-graph extraction with LLM reasoning (Gemini/Gemma) to evaluate upgrade safety. Natively parses Go, Python, and Node.js codebases, filtering cosmetic diffs while flagging structural breaks, signature alterations, exception semantics, and call-chain removals. Features CI/CD integrations for GitHub Action annotations and Slack Block Kit webhooks.
LLM Self-Correction SFT (Fine-Tuning Study)
Apr 2026: Fine-tuned and evaluated self-correction behaviors in LLMs. Executed LoRA SFT on Qwen2.5-Coder-7B-Instruct using CodeContests. Analyzed severe out-of-distribution performance shifts on HumanEval (57.93% vs 50.61% baseline), MBPP (4% vs 0%), and Codeforces (8.7% vs 0%), documenting the fragility of SFT correction patterns.
Cyber Risk of Shadow AI (Threat Modeling Study)
Apr 2026: Conducted an enterprise threat modeling study mapping risks of unauthorized LLM use (Shadow AI) to industry frameworks (NIST CSF 2.0, NIST AI RMF, ISO/IEC 42001, OWASP Top 10 for LLMs). Defined multi-tiered mitigation controls including tenant restrictions, Semantic Prompt Firewalls, and sandboxed local RAG systems.
ZTBI: Zero Trust Browser Interface
Dec 2025: Developed a secure browser extension running DistilBERT locally via ONNX Runtime Web. Engineered a Hybrid Scoring and Visibility Engine to detect prompt injections and sensitive PII leaks, defeating tag-splitting, indirect injection, and asynchronous exfiltration channels.