Vladyslav L.

Project overview:

The project provides specialized, project-based Senior ML Security Engineering consultation for Alibaba Group's proprietary LLM division. Operating within an airgapped, SCIF-level laboratory, the focus is adversarial robustness and operational security redteaming for frontier models. Alibaba's Qwen series began with the beta release in April 2023 under the name Tongyi Qianwen, with Qwen-7B open-sourced in August 2023 and Qwen-72B released in December 2023. The Qwen2 series launched in June 2024 with 72B parameters, Qwen3 followed in April 2025, and Qwen3-Coder was open-sourced in July 2025.

Responsibilities:

• Researched BPE tokenizer manipulation to construct prompts that appear benign visually but decode into malicious system instructions, exploiting ASCII smuggling and Unicode normalization gaps.
• Engineered an air-gapped automated fuzzing framework to probe the safety refusal vector, focusing on multi-turn dialogue poisoning where an attacker gradually shifts the context window before injection.
• Designed and validated a hierarchical supervision mechanism in which a smaller, older-generation model (e.g., Qwen-7B, released August 2023) acts as a policy sentinel, monitoring and evaluating the outputs of a newer, more capable model (e.g., Qwen2-72B, released June 2024). The sentinel model detects alignment drift and potential security bypasses by leveraging its simpler, more predictable decision boundaries, flagging anomalous responses for further inspection without requiring human oversight in the loop.
• Quantified memorization rates using canary string injection methodology to assess the efficacy of differential privacy applied during fine-tuning.
• Directed kernel-level isolation strategies using gVisor (open-sourced by Google in May 2018) and seccomp profiles to enforce air-gap integrity at the container runtime. Integrated eBPF (introduced with Linux 3.18 in 2014) for unauthorized syscall tracing.

Achievements:

Identified and patched a Unicode Tag Sequence Injection vulnerability in a prerelease customer-support agent. Developed a fuzzing harness using Hypothesis (property-based testing library first released circa 2016) that revealed a 12% edge-case failure rate in the RLHF safety classifier. The implemented double-model supervision framework reduced false negatives in security audits by 41% compared to single-model filtering.

Technology stack:

Project overview:

This project involved building a proprietary predictive intelligence platform for a Belgian fintech firm focused on cryptocurrency risk mitigation. The system was engineered as a loss-prevention agent designed to forecast negative market shocks by triangulating over 400 heterogeneous data streams. LLMs were integrated into the sentiment pipeline using the most advanced models available during the project timeline: BERT (2018) for initial embedding work, followed by GPT-2 (staged release February–November 2019) and SentenceBERT (August 2019) for semantic similarity and panic classification

Responsibilities:

• Architected an asynchronous streaming framework to normalize real-time feeds from WebSocket APIs, blockchain nodes, and social platforms. Deployed Redis Streams (introduced with Redis 5.0 in November 2018) for highthroughput backpressure management.
• Deployed Sentence-BERT following its August 2019 release to analyze Telegram and Twitter corpora. The model was prompted via few-shot classification to distinguish between "coordinated FUD campaign" and "legitimate technical concern," calculating Jensen-Shannon Divergence between rolling language distributions to detect narrative hijacking events.
• Developed a multi-factor anomaly detection model using XGBoost (first public version 2014, Python package released January 2018) and Isolation Forests (incorporated into Scikit-learn circa 2016). The system monitored liquidity pool constant product changes and "dev wallet velocity."
• Built a dashboard displaying SHAP value contributions (first Python package released May 2017) for each alert and GPT-2-generated natural language summaries of alert rationales for portfolio manager audit, following the full 1.5B parameter release in November 2019
• Utilized TimescaleDB (first stable 1.0.0 release September 2018) as a PostgreSQL extension for efficient storage and querying of market data with subsecond latency requirements.

Achievements:

The system flagged 89% of monitored rug pull events with a 4–6 hour lead time. During the 2020 "Black Thursday" volatility spike, the sentiment velocity algorithm provided a 12-minute early warning, reducing client exposure by an estimated 22% relative to market benchmarks. The Sentence-BERT-enhanced sentiment layer improved F1 score on panic detection by 27% compared to prior lexicon-based models

Technology stack:

Project overview:

The engagement involved a comprehensive adversarial audit of the TEMU mobile application's personalization engine, focusing on the intersection of privacy controls and behavioral psychology exploitation. The primary objective was to instrument the application to detect and classify a proprietary "Compulsive Spending Propensity Model" - an algorithmic layer designed to identify users exhibiting shopaholic or impulse-buying behavior patterns. LLMs were employed to semantically analyze ad copy and UI strings, leveraging models released during the project window: LLaMA 2 (July 2023) for initial prototyping, followed by Mistral 7B (September 2023) for production dark pattern classification.

Responsibilities:

• Developed custom Frida instrumentation (first released 2014) to log micro-interactions including dwell time, scroll velocity, and cart abandonment patterns on both iOS and Android clients. Applied HDBSCAN clustering (Python package first released August 2016) to identify "Frequent Spenders" vs. "Shopaholic Hesitaters"
• Deployed a fine-tuned Mistral 7B instance (released September 2023) to perform semantic and linguistic analysis on ad copy and UI strings. The model was trained on FTC dark pattern taxonomies (FTC staff report "Bringing Dark Patterns to Light" released September 2022) to detect "Confirm Shaming," "Forced Action," and "Scarcity Bias Exploitation". The LLM pipeline automatically flagged dynamic UI strings that changed based on the user's detected psychological segment.
• Used differential testing across devices running iOS 17 (released September 2023) and Android 14. Applied XGBoost and LightGBM (first open-sourced August 2016, stable release January 2017) attribution modeling to prove probabilistic graph linking via IP subnets and device telemetry, maintaining 99.4% confidence interval re-identification despite disabled IDFA/GAID.
• Mapped push notification timing to detected "Low Willpower Windows," confirming behaviorally dynamic pricing models and dark pattern targeting of psychologically vulnerable cohorts.

Achievements:

The audit isolated a 23-feature behavioral fingerprint used to score users on a "Purchase Vulnerability Index." Users in the top quartile of this index received 340% more enforced gamified pop-ups and 72% more loss-aversion push notifications than control profiles. The Mistral 7B-powered dark pattern classifier achieved 96% precision in identifying manipulative language variants served exclusively to high-propensity users.

Technology stack: