I don't just secure AI—I build with it, and I secure the way I build
AI-augmented engineering with a security engineer's judgment
I ship production systems using AI coding agents daily—inside isolated, reproducible environments with the same threat-modeling, review gates, and audit discipline I bring to client systems. Speed from automation; trust from judgment.
Build Philosophy
How AI-augmented building stays accountable
Correctness > security > speed
AI accelerates the work, but nothing ships on velocity alone. Output is judged on whether it is correct, secure, and maintainable—then fast.
Judgment over volume
Generating code is cheap; deciding what is worth shipping is not. I treat agent output as a proposal to be reviewed, threat-modeled, and tested—never as a finished answer.
Reproducible & reviewable
Every environment and change is defined as code so it can be rebuilt, reviewed, and audited. If it can't be reproduced and explained, it isn't done.
The Build Loop
From idea to shipped—securely
Plan
Spec, constraints, acceptance criteria before any code.
AI-assisted build
Agent-assisted implementation inside an isolated workspace.
Guardrails & review
Threat-model, self-review the diff, run lint/tests.
Ship
Small, atomic commits with a clear, reviewable history.
Verify
Confirm against acceptance criteria; capture evidence.
The Isolated Workspace
Browser-streamed, ephemeral, agent-ready
I develop inside reproducible, browser-isolated workspaces built on Kasm Workspaces with Cursor IDE and Kali/Ubuntu variants. Environments are defined as Docker images and roll out consistently—no local machine sprawl, no snowflake laptops, and a clean blast radius for agent-assisted work.
Browser isolation
Workspaces stream to the browser; the dev environment stays off the local host.
Ephemeral & reproducible
Images are rebuilt from source, so a workspace is disposable and consistent.
Scoped access
Each workspace gets only the access its task needs.
Review gates
Agent-assisted changes are reviewed and tested before they leave the workspace.
Guardrails & Judgment
Keeping AI-assisted code audit-ready
Threat-model the change
Untrusted input, injection, secrets, and access paths are considered before merge—not after an incident.
Human review of every diff
I read what the agent wrote. Nothing merges that I can't explain and defend in review.
Tests, lint, typecheck
Automated gates run on changes so regressions surface before deploy, not in production.
No secrets in code or logs
Credentials live in env/secret managers; telemetry is structured and redacted.
Stack at a Glance
The tools behind the practice
Cloud & Platform
Security
Development
AI
AI-Augmented Build Practice
I operate AI coding agents daily—and apply the same threat-modeling to my own toolchain that I bring to client systems. My public build activity lives on Cursor.
View my build practice on CursorLet's Build Securely Together
If you need secure AI, IAM/PAM, or resilient automation built the way it's described here—reproducible, reviewed, and audit-ready—let's talk.