Systems Thinker · Systems Architect · Tech & Engineering

Michael Groberman

I take things apart and put them back together. Systems, software, the occasional firmware.

Principal Consultant @ Capco · CISA ICSA-26-055-03 · Anthropic Cyber Verification Program · michael@groberman.tech · LinkedIn · GitHub
14+ years engineering and architecture
10 CVEs published via CISA / CERT
14 Workbench modules on one enterprise graph
500+ MCP tools shipped in the Workbench

About

Engineering and security research.

14+ years across cloud architecture, application security, and AI/ML engineering.

Creator and operator of the AI Augmented Security Workbench (RedAI) — 500+ MCP tools, multi-provider native across Claude, OpenAI, xAI, Gemini, Gemma, and local Ollama, with Quorum multi-model adjudication, RAG knowledge-graph memory, full per-turn cost/latency observability, and air-gapped local inference — plus the open-source MCP servers, control plane, and embedded libraries underneath it.

Recent independent work credited in CISA federal advisories, covered in SecurityWeek, and coordinated with CERT/CC and Idaho National Laboratory. Member of Anthropic's Cyber Verification Program.

Selected Work

Things I’ve built and shipped.


gr0m-agents

Pre-release / WIP

Multi-agent coding-team scaffold built around Anthropic's When AI builds itself operating model. An orchestrator delegates to explorer, implementer, and tester subagents; an automated reviewer gates every merge. A triage layer routes each task to the right model tier — Codex, Gemini, Ollama, or any CLI backend.

Multi-agent · Claude Code · MIT

gr0m_mem

Open source

Zero-install persistent memory MCP server. Gives Claude and other MCP-compatible agents a durable knowledge layer across sessions. pip install gr0m-mem

MCP · Python · MIT

mac-mcp

Open source

Native macOS control for Claude Desktop and other MCP clients. Swift + AppKit + Accessibility + OSAKit. Window management, app focus, file system, screenshots, scripting bridges.

MCP · Swift · Accessibility

linux-mcp

Open source

Native Linux control via MCP. 32 typed allow-listed tools covering shell, filesystem, X11/Wayland windowing, processes, and clipboard. Companion to mac-mcp.

MCP · Rust · X11/Wayland

tailnet-mcu

Open source

Join an ESP32 or Raspberry Pi Pico W to your Tailscale network over WireGuard. Mutually exclusive Wi-Fi / BLE radio modes, an optional subnet-router tunnel, and a constant-time token-gated service transport — reachable across your tailnet, never the public internet.

Arduino · WireGuard · Tailscale

claude-dev-hardware

Open source

A fork of Anthropic's claude-desktop-buddy: ESP32 (M5StickC Plus) firmware that turns a 3D-vector desk pet into a hardware permission remote for Claude Code. WiFi + WireGuard, a multi-transport bridge (serial / BLE / LAN / VPN), and an MCP control surface with GPIO and a single-channel logic analyzer.

ESP32 · MCP · PlatformIO

vince-client

Open source

Python client for the CERT/CC VINCE coordinated-disclosure platform. Case management, archiving, and change detection — built during a multi-month coordinated disclosure to keep an auditable local history of every case update.

Python · VINCE API · CERT/CC

Glasswing & the shorter risk cycle

Whitepaper · 2026

Co-authored Capco Intelligence piece on Anthropic’s Project Glasswing — AI-accelerated vulnerability discovery and what compressed flaw-to-exploit timelines mean for patching, prioritization, and response in financial services.

Capco · AI Security · FS Risk

Perspective

How to view your enterprise security.

Over fourteen years of engineering across financial services, management consulting, and independent security research shaped this methodology — including coordinated disclosure work that put ten CVEs into a CISA federal advisory and membership in Anthropic’s Cyber Verification Program. The same failure pattern shows up in every enterprise: queues, dashboards, risk registers, and compliance frameworks each holding their own version of the truth, while attackers operate on the only model that matters — the graph. What follows is the operating thesis behind RedAI: how I think about an enterprise before any tool runs, and the model the Workbench is built to maintain.

01 / Vulnerability management
Live graph maintenance, not a queue.

Most programs treat vulnerabilities as a backlog. The graph treats them as edges — between an asset, a weakness, an exploit, and what they reach. Hygiene is keeping the graph current. Prioritization falls out of which edges actually close attack paths.

02 / Remediation
By reachability and blast radius.

A critical CVSS on an unreachable node ranks below a medium one a step from your crown jewels. Remediation is a graph-reduction problem — which fix collapses the most reachable, high-impact paths per unit of effort, not which patch has the loudest score.

03 / Incident response
Traversal, not playbook lookup.

From an IOC, walk backward to find the real blast radius and forward to find what’s still at risk. Containment becomes a choice about which edges to cut, with the cost of each cut visible. The week-long tabletop reconstruction becomes a query.

04 / GRC
Graph coverage, audit-grade.

Controls protect edges. SOX, PCI, HIPAA, NIST, EU AI Act, OWASP LLM — frameworks are mappings from control families onto regions of the graph. Compliance posture is real when those mappings hold under threat traversal, and theatrical when they don’t. The graph makes the difference legible to auditors and engineers at the same time.

05 / The enterprise
One typed graph, not parallel truths.

Hosts, identities, data classes, third parties, controls, weaknesses, TTPs as typed nodes. Edges as trust, exposure, exploit-path, control-effectiveness. Dashboards, SIEM rules, risk registers, BIA documents become views over one model — not parallel sources of competing truth.

06 / Object model
Every event extends one base class.

A vulnerability, a violation of controls, a breached account, a regulatory policy change, a threat-intel hit, an IR finding — treat them as subclasses of one base graph object. Same detection, correlation, prioritization, routing, audit, and closure framework across the lot. New event types extend the base; the operating discipline doesn’t fragment per category. Object-oriented security at the model layer.

07 / Zero trust, evolved
Trust is an edge attribute, not a perimeter.

The original framing — network microsegmentation, verify per request, identity at every hop — was perimeter-shaped at heart. The shift: trust is now a per-edge attribute on a typed graph, continuously re-scored as identities authenticate, code ships, agents act, third parties change posture, and weaknesses surface. Autonomous agents and supply-chain reality made the wall metaphor insufficient. The graph is the model that scales with what verification has to mean now.

08 / Downstream impacts
Materialized in seconds.

Given a compromise of node N: which data, which services, which customers, which regulators? Answered in seconds, not after a week of analyst hours. Tabletop exercises become regression tests over the graph — rerun nightly, drift-detected, audit-trailed.

09 / Exploitation velocity
Vs. remediation velocity.

Attackers weaponize new classes of weakness at a measurable rate; your program closes them at a rate of its own. The number that matters is the gap between the two — per edge class, not in aggregate. Aggregate metrics hide the mismatches that cost you.

10 / Closing the gap
The point of the platform.

The Workbench exists to make remediation velocity catch up to exploitation velocity on the edges that matter — reachable, high-impact, fast-exploiting. The multi-model adjudication, the agent fleet, the control plane, the unified object model, the zero-trust edge attributes — they exist to make that economically feasible at enterprise scale.

The model

The enterprise graph.

One typed graph. Every node is a subclass of one base class. Every edge carries a continuously re-scored trust attribute. Every event — vulnerability, control violation, breached account, regulatory change, threat-intel hit, IR finding — lands here, and the Workbench operates on it through one framework. Illustrative slice below; production graphs run to millions of nodes. Drag the canvas to orbit, scroll to zoom, click any node to inspect.

Illustrative slice of the enterprise graph. Typed nodes (identities, hosts, controls, third parties, data classes, weaknesses) connected by trust edges (amber), weakness edges (red dashed), and control edges (green). Customer Records is the central data-class node.

Nodes in the slice:
User · identity
Service Acct · identity
Vendor SaaS · 3rd-party
Auth Proxy · IdP
API Gateway · host
CVE-2026-XXXX · weakness
App Server · host
DB Server · host
Customer Records · data class · PII / PCI
MFA Policy · control
Segmentation · control


Node: typed subclass of one base graph object — identity, host, data class, control, weakness, third party, event, finding. Same lifecycle, ownership, severity, audit, and routing hooks regardless of subclass. New event types extend the base.
Trust edge: solid amber. The trust attribute is per-edge and re-scored continuously as identities authenticate, code ships, agents act, third parties change posture. Zero trust expressed at the model layer.
Weakness edge: dashed red. A vulnerability or misconfiguration on the related node, with reachability and exploit-availability scoring on the edge itself.
Control edge: solid green. A control’s coverage of an edge. Compliance posture is graph coverage — controls protect edges, and gaps are queryable in the same model as everything else.

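As an added example (not the Workbench’s code and not code from this page), the prioritization and blast-radius ideas of theses 01, 02 and 08 run over a toy version of the slice above. Node names follow the slice; every edge, impact value, CVSS score, control state and effort figure is a constructed assumption, as are the extra Build Server host and Internal Wiki data class, which exist only so that an unreachable critical-scored weakness can be shown ranking below a reachable medium one.

```python
# Toy enterprise graph for the page's prioritization thesis.
# Added example, not code from RedAI / the Workbench. Node names follow the
# illustrative slice; every edge, impact value, CVSS score, control state and
# effort figure below is a constructed assumption. "Build Server" and
# "Internal Wiki" are constructed extras with no counterpart on the page.
from collections import deque

# Typed nodes: name -> (type, business impact if compromised).
# Only data classes carry impact in this toy (constructed values).
NODES = {
    "Internet":         ("entry",       0.0),
    "User":             ("identity",    0.0),
    "Service Acct":     ("identity",    0.0),
    "Vendor SaaS":      ("third_party", 0.0),
    "Auth Proxy":       ("idp",         0.0),
    "API Gateway":      ("host",        0.0),
    "App Server":       ("host",        0.0),
    "DB Server":        ("host",        0.0),
    "Build Server":     ("host",        0.0),    # constructed, isolated from entry
    "Customer Records": ("data_class",  100.0),  # PII / PCI, the crown jewel
    "Internal Wiki":    ("data_class",  5.0),    # constructed low-value data
}

# Directed trust edges (src, dst, protecting control or None).
# Holding src lets an attacker reach dst unless the control is effective.
EDGES = [
    ("Internet",     "API Gateway",      None),
    ("Internet",     "Vendor SaaS",      None),
    ("Internet",     "User",             None),
    ("User",         "Auth Proxy",       "MFA Policy"),
    ("Auth Proxy",   "API Gateway",      None),
    ("Vendor SaaS",  "Service Acct",     None),
    ("Service Acct", "App Server",       None),
    ("API Gateway",  "App Server",       None),
    ("App Server",   "DB Server",        "Segmentation"),
    ("App Server",   "Internal Wiki",    None),
    ("DB Server",    "Customer Records", None),
    ("Build Server", "Internal Wiki",    None),
]

# Weakness edges: weakness -> (host it sits on, CVSS base score).
WEAKNESSES = {
    "CVE-2026-XXXX (App Server)":          ("App Server",   6.5),  # medium
    "constructed-critical (Build Server)": ("Build Server", 9.8),  # critical
    "constructed-medium (Vendor SaaS)":    ("Vendor SaaS",  5.3),  # medium
}

# Control state (effective or not) and rough effort to make it effective.
CONTROL_STATE = {"MFA Policy": True, "Segmentation": False}
CONTROL_EFFORT = {"MFA Policy": 2.0, "Segmentation": 5.0}


def reachable(start, control_state):
    """Nodes an attacker holding `start` can reach over trust edges,
    skipping every edge whose protecting control is currently effective."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, control in EDGES:
            if src != cur or dst in seen:
                continue
            if control is not None and control_state.get(control, False):
                continue  # an effective control closes this edge
            seen.add(dst)
            queue.append(dst)
    return seen


def blast_radius(node, control_state):
    """Thesis 08: the data classes reachable from `node` and their summed impact."""
    data = {n for n in reachable(node, control_state) if NODES[n][0] == "data_class"}
    return data, sum(NODES[n][1] for n in data)


def rank_weaknesses(entry, control_state):
    """Theses 01/02: order weaknesses by reachable impact first, CVSS second.
    A weakness on a host the attacker cannot reach from `entry` contributes
    zero reachable impact however loud its score."""
    exposed = reachable(entry, control_state)
    rows = []
    for name, (host, cvss) in WEAKNESSES.items():
        impact = blast_radius(host, control_state)[1] if host in exposed else 0.0
        rows.append((name, host, cvss, impact))
    return sorted(rows, key=lambda r: (r[3], r[2]), reverse=True)


def best_control_to_enable(entry, control_state):
    """Thesis 02 as graph reduction: the not-yet-effective control that removes
    the most reachable impact per unit of effort.
    Returns (control, impact removed, impact removed per unit effort) or None."""
    baseline = blast_radius(entry, control_state)[1]
    best = None
    for control, effective in control_state.items():
        if effective:
            continue
        trial = {**control_state, control: True}
        removed = baseline - blast_radius(entry, trial)[1]
        per_effort = removed / CONTROL_EFFORT[control]
        if best is None or per_effort > best[2]:
            best = (control, removed, per_effort)
    return best


if __name__ == "__main__":
    for name, host, cvss, impact in rank_weaknesses("Internet", CONTROL_STATE):
        print(f"{impact:6.1f} reachable impact  CVSS {cvss}  {name}")
    print("compromise of App Server reaches:", blast_radius("App Server", CONTROL_STATE))
    print("best control to enable:", best_control_to_enable("Internet", CONTROL_STATE))
```

Run as is and the 9.8 on the isolated Build Server sorts last with zero reachable impact, while the 6.5 on App Server sorts first because the host is one hop from Customer Records; enabling Segmentation is the single fix that removes the most reachable impact per unit of effort. Re-scoring a trust edge or flipping a control state and re-running the same three functions is the "regression test over the graph" the page describes, in miniature.
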
Frontier AI

What the frontier is — and why it’s hard.

Three diagrams — concepts, not blueprints. Nothing here is the Workbench’s architecture; it is the structural reality of frontier AI itself: what these systems actually are, why building on them is an engineering problem in its own right, and why the gap they create is the problem worth tackling.

D01 · What it is
Experts all the way up.
Diagram: three layers. L0, models of experts (MoE routing inside every frontier model); L1, experts of models (adjudication panel); L2, agents of experts (agent).

A frontier model is already a routed committee — mixture-of-experts steering every token to specialist subnetworks. The same pattern repeats above it: model families composed into adjudication panels, panels composed into agents. Fluency at one layer is table stakes; the depth is in composing all three.

D02 · Why it’s hard
The ground moves quarterly.
Diagram: capability plotted over quarters Q1 to Q5. New modes and new failure modes arrive each quarter; durable abstractions stay stable while the model families churn.

Families ship new reasoning modes, context economics, and failure modes every quarter. Anything bolted to one vendor’s current shape gets rebuilt every cycle; anything built on durable abstractions compounds instead. The hard part isn’t using a frontier model — it’s building something that survives the next five of them.

D03 · Why it matters
The widening gap.
Diagram: exploitation velocity versus remediation velocity over time. The gap between them widens as AI compresses flaw-to-exploit faster than flaw-to-fix.

The same capability curve that powers the tooling compresses the time from disclosed weakness to working exploit — faster than it compresses time-to-fix. That widening gap, measured per edge class rather than in aggregate, is the challenge actually being tackled. Everything else on this page is in service of closing it.

The pieces are deliberately independent — each deploys, runs, and earns its keep alone. The compounding is in the seams: the workbench gains governed model access, the chat platform gains the tool fleet, and the control plane sees every margin across both.

D04 · Gr0m-LLM
One gateway, every margin visible.
Diagram: consumers (agents, tools, apps, pipelines) on one side, providers A, B and C on the other, and the control plane between them: route, budget, cache, redact, trace, eval. Any consumer, any provider, one set of books.

A control plane between everything that consumes models and everyone who provides them — cost-optimal routing, per-agent budgets, prompt-cache discipline, redaction at ingress, integrity evals over every trace. Consumers never see provider shapes; providers never leak into the fleet. Runs standalone in front of any stack.

D05 · gr0m_chat
Isolation as the default unit.
Diagram: three per-user containers, each holding its own session, files and tool execution, above a shared platform (memory, artifacts, models). Blast radius of any failure: one user, by construction.

A multi-tenant agent platform where every user’s sessions, files, and tool execution live in their own container — sandboxed rendering, thread-scoped artifacts, per-conversation memory. A failure or prompt injection is contained to one tenant by construction, not by policy. Also standalone.

D06 · Composed
Independent alone, compounding together.
Diagram: RedAI, Gr0m-LLM and gr0m_chat, each standalone, with governed calls flowing between operators and models. Value compounds at the seams into one graph of work, cost and evidence across all three.

Each piece earns its keep on its own. Composed, the workbench gains governed model access, the chat platform gains the tool fleet, and the control plane sees every margin across both — one graph of work, cost, and evidence. The value isn’t in any single box; it’s in the seams.

The Workbench

RedAI · AI Augmented Security Workbench.

One operator surface for everything below the perspective. Modules that maintain the graph, walk it under attack, and translate findings into the language each audience speaks — engineering, GRC, executive, regulator. Per-turn analytics, automation with a human touch at every gate, and a knowledge layer that recursively improves engagement-over-engagement.

M01
AI model red teaming

14 attack categories aligned to OWASP LLM Top 10 and MITRE ATLAS — prompt injection, jailbreak, system-prompt extraction, data leakage, RAG poisoning, agent tool abuse, model extraction, membership inference.

M02
Vulnerability management

Continuous discovery + Qualys/Tenable normalization onto the typed graph. Prioritization by reachability, blast radius, and exploit availability — not raw CVSS.

M03
Remediation

Graph-reduction planner. Picks the fix set that collapses the most reachable, high-impact paths per unit of effort and routes work to the team that owns the edge.

M04
Incident response

Playbooks executed as graph traversals. Containment recommendations show the cost of each cut. Post-incident: blast radius is queryable, not reconstructed.

M05
GRC & AI governance

SOX, PCI, HIPAA, NIST CSF/AI RMF, EU AI Act, OWASP LLM, MITRE ATLAS — mapped onto graph regions. Compliance posture is graph coverage; gaps are queryable.

M06
Topology & attack-surface

The graph itself, browsable. Hosts, identities, data classes, third parties, controls, weaknesses, TTPs as first-class nodes; trust, exposure, exploit-path, control-effectiveness as edges.

M07
Exploit chain analysis

Multi-step path construction across the graph. Surfaces the chains a real attacker would build before they build them — ranked by feasibility and impact, not theoretical reach.

M08
Threat modeling

System and AI/ML threat models generated from the graph and refined by adjudicated reasoning. STRIDE for systems, MITRE ATLAS for ML, both as first-class outputs.

M09
Threat intelligence

CVE feeds, exploit-availability tracking, vendor advisories, ATT&CK technique correlation. Intelligence lands on the graph as evidence linked to the assets it threatens — not as a separate inbox to triage.

M10
Executive reporting

Audience-appropriate translation. Engineers get reachable paths and PRs. GRC gets control-coverage deltas. Executives get exploitation-velocity vs. remediation-velocity, dollarized.

M11
Brain & knowledge graph

Two-tier memory: vector retrieval for evidence recall, typed graph for attack-path traversal and cross-engagement correlation. Findings persist; the next engagement starts smarter.

M12
OSINT

Continuous open-source collection — certificate transparency, exposed services, code-leak monitoring, credential-dump correlation, dark-web mentions, social-surface attribution. Findings land on the graph with provenance and confidence; every artifact is queryable, not just searchable.

M13
Obsolescence management & remediation

Lifecycle tracking for every node — firmware versions, OS releases, library dependencies, hardware EOL dates, container-image freshness. Obsolescence becomes a graph attribute driving prioritization alongside CVE exposure and reachability. End-of-life is a queryable property, not a spreadsheet.

M14
Blue & purple teaming

Detection engineering, response orchestration, hardening sprints, joint red/blue exercises. Every step logged to the graph — recon move, detection trigger, containment action, debrief note — with operator, timestamp, and reasoning. Audit-grade by construction; purple teams become repeatable regression suites.

Experience

14+ years of engineering across financial services, management consulting, security, and enterprises.

Sep 2025 — Present
Principal Consultant — Capco, Technology & Engineering

GenAI SME and one of the core engineers in the GenAI Innovations Lab. Technical PM on an M&A-driven M365 migration (identity, Exchange, SharePoint, Teams). Architected a serverless M365-native AI pipeline (Azure Functions + Azure AI Search RAG + Copilot Studio), made internal services ChatGPT-native via Custom GPTs and OpenAPI Actions, and built AI solutions for financial-services clients — including MCP and Claude agent development.

M365 · Azure Functions · Azure AI Search · Copilot Studio · MCP · OpenAI Codex

Oct 2024 — Present
Independent Consulting — Security Research & Software Engineering

Conducted full-stack vulnerability research on a consumer IoT ecosystem — firmware, mobile app, cloud API, and administrative endpoints — resulting in a CISA-published federal advisory. Built legal-automation systems (Google Apps Script + Rust) for a law firm covering eCourts case monitoring, Clio CRM integration, Google Calendar due-date sync, and automated court-rules compliance. Operating the AI Augmented Security Workbench — Quorum multi-model adjudication, RAG knowledge-graph memory, cost/latency observability, and agent-based orchestration for vulnerability management, remediation, incident response, GRC, and AI model red teaming.

Vulnerability research · CISA/CERT · Python · Rust · MCP · Claude API

Aug 2023 — Jul 2024
Change Management Lead — JPMorgan Chase, Wealth Management

Architected M365 solutions (Power Platform, Teams, SharePoint Online) to enhance collaboration and operational scalability within J.P. Morgan Wealth Advisors. Migrated SharePoint sites from legacy environments, improving document organization and advanced search via CAML/KQL. Owned end-to-end design and maintenance of SharePoint Online sites, document libraries, and pages — pioneering data governance and user adoption practices.

SharePoint Online · Power Platform · CAML/KQL · Governance

Sep 2022 — Aug 2023
Change Management Lead — First Republic Bank, Private Wealth

Re-architected the intranet UX in M365 post-JPMorgan acquisition, refining content management via enterprise meta-attributes and advanced indexing. Oversaw post-acquisition document migration enforcing RASCI-based governance. Built PowerApps with third-party API integrations, centralizing data and aligning with Dynamics 365 to unify the bank’s technology stack.

M365 · PowerApps · Dynamics 365 · RASCI

Jan 2019 — Mar 2021
Director of Information Technology — Brosnan Risk Consultants

Led application architecture for an ERP platform: front- and back-end enhancements, API integration, data normalization, and secure cloud deployments. Deployed and managed 2,000+ encrypted mobile devices (Android/iOS) under Samsung Knox and IBM MaaS360. Architected a Dynamics 365 ticketing system for 200+ users integrating Azure AD, Power Automate, SQL Server, and AWS Lambda data pipelines.

ERP architecture · Dynamics 365 · Samsung Knox · AWS Lambda

Oct 2015 — Dec 2017
Director of Information Technology — Enzo Custom Clothiers

Deployed a web-based operations platform on Salesforce integrating CRM, ERP, and POS with REST APIs to overseas production facilities. Built full Cisco Meraki network infrastructure across retail locations with dual-factor auth, domain whitelisting, and USB access controls.

Salesforce · REST APIs · Cisco Meraki

Sep 2012 — Oct 2015
Senior Manager — C&A Consulting LLC

Designed and installed secure network infrastructures ensuring PCI and FINRA compliance across financial and legal client environments. Provided risk assessments and security guidance, employing MDM, endpoint management, and remote device wiping for sensitive data protection.

PCI/FINRA · Network architecture · MDM

Education & Certifications

Foundations and continuing credentials.

Education

Columbia Engineering · Software Development / Full Stack Engineering
2022
Bergen County Technical Academies · Engineering
2004 — 2008

Certifications

GenAI Responsible AI · AWS Solutions Architect — Associate · Salesforce Administrator · Google Analytics · Salesforce Developer · Cisco / Adobe Academies — Web Development

Get in touch

Open to interesting work.

Engineering, AI platform builds, security research, speaking.

Email is fastest. Encrypted alternatives on request.

Email me