Systems Thinker · Systems Architect · Tech & Engineering

Michael Groberman

I take things apart and put them back together. Systems, software, the occasional firmware.

Principal Consultant @ Capco · CISA ICSA-26-055-03 · Anthropic Cyber Verification Program · michael@groberman.tech · LinkedIn · GitHub
Perspective

How to view your enterprise security.

Over twelve years of engineering across financial services, management consulting, and independent security research shaped this methodology — including coordinated disclosure work that put ten CVEs into a CISA federal advisory and membership in Anthropic’s Cyber Verification Program. The same failure pattern shows up in every enterprise: queues, dashboards, risk registers, and compliance frameworks each holding their own version of the truth, while attackers operate on the only model that matters — the graph. What follows is the operating thesis behind RedAI: how I think about an enterprise before any tool runs, and the model the Workbench is built to maintain.

01 / Vulnerability management
Live graph maintenance, not a queue.

Most programs treat vulnerabilities as a backlog. The graph treats them as edges — between an asset, a weakness, an exploit, and what they reach. Hygiene is keeping the graph current. Prioritization falls out of which edges actually close attack paths.

02 / Remediation
By reachability and blast radius.

A critical CVSS on an unreachable node ranks below a medium one a step from your crown jewels. Remediation is a graph-reduction problem — which fix collapses the most reachable, high-impact paths per unit of effort, not which patch has the loudest score.

03 / Incident response
Traversal, not playbook lookup.

From an IOC, walk backward to find the real blast radius and forward to find what’s still at risk. Containment becomes a choice about which edges to cut, with the cost of each cut visible. The week-long tabletop reconstruction becomes a query.

04 / GRC
Graph coverage, audit-grade.

Controls protect edges. SOX, PCI, HIPAA, NIST, EU AI Act, OWASP LLM — frameworks are mappings from control families onto regions of the graph. Compliance posture is real when those mappings hold under threat traversal, and theatrical when they don’t. The graph makes the difference legible to auditors and engineers at the same time.

05 / The enterprise
One typed graph, not parallel truths.

Hosts, identities, data classes, third parties, controls, weaknesses, TTPs as typed nodes. Edges as trust, exposure, exploit-path, control-effectiveness. Dashboards, SIEM rules, risk registers, BIA documents become views over one model — not parallel sources of competing truth.

06 / Object model
Every event extends one base class.

A vulnerability, a violation of controls, a breached account, a regulatory policy change, a threat-intel hit, an IR finding — treat them as subclasses of one base graph object. Same detection, correlation, prioritization, routing, audit, and closure framework across the lot. New event types extend the base; the operating discipline doesn’t fragment per category. Object-oriented security at the model layer.

07 / Zero trust, evolved
Trust is an edge attribute, not a perimeter.

The original framing — network microsegmentation, verify per request, identity at every hop — was perimeter-shaped at heart. The shift: trust is now a per-edge attribute on a typed graph, continuously re-scored as identities authenticate, code ships, agents act, third parties change posture, and weaknesses surface. Autonomous agents and supply-chain reality made the wall metaphor insufficient. The graph is the model that scales with what verification has to mean now.

08 / Downstream impacts
Materialized in seconds.

Given a compromise of node N: which data, which services, which customers, which regulators? Answered in seconds, not after a week of analyst hours. Tabletop exercises become regression tests over the graph — rerun nightly, drift-detected, audit-trailed.

09 / Exploitation velocity
Vs. remediation velocity.

Attackers weaponize new classes of weakness at a measurable rate. So does your program close them. The number that matters is the gap between the two — per edge class, not in aggregate. Aggregate metrics hide the mismatches that cost you.

10 / Closing the gap
The point of the platform.

The Workbench exists to make remediation velocity catch up to exploitation velocity on the edges that matter — reachable, high-impact, fast-exploiting. The multi-model adjudication, the agent fleet, the control plane, the unified object model, the zero-trust edge attributes — they exist to make that economically feasible at enterprise scale.

The model

The enterprise graph.

One typed graph. Every node is a subclass of one base class. Every edge carries a continuously re-scored trust attribute. Every event — vulnerability, control violation, breached account, regulatory change, threat-intel hit, IR finding — lands here, and the Workbench operates on it through one framework. Illustrative slice below; production graphs run to millions of nodes.

Illustrative slice of the enterprise graph (static view). Typed nodes — identities, hosts, controls, third parties, data classes, weaknesses — connected by trust edges (amber), weakness edges (red dashed), and control edges (green). Customer Records is the central data-class node.

Nodes in the slice: User (identity), Service Acct (identity), Vendor SaaS (third party), Auth Proxy (IdP), API Gateway (host), CVE-2026-XXXX (weakness), App Server (host), DB Server (host), Customer Records (data class, PII / PCI), MFA Policy (control), Segmentation (control).

Node: Typed subclass of one base graph object — identity, host, data class, control, weakness, third party, event, finding. Same lifecycle, ownership, severity, audit, and routing hooks regardless of subclass. New event types extend the base.
Trust edge: Solid amber. The trust attribute is per-edge and re-scored continuously as identities authenticate, code ships, agents act, third parties change posture. Zero trust expressed at the model layer.
Weakness edge: Dashed red. A vulnerability or misconfiguration on the related node, with reachability and exploit-availability scoring on the edge itself.
Control edge: Solid green. A control’s coverage of an edge. Compliance posture is graph coverage — controls protect edges, and gaps are queryable in the same model as everything else.
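As an added worked example (not RedAI or Workbench code), the slice above as a small typed graph in Python: attack paths from exposed entry nodes to Customer Records, fixes ranked by paths collapsed per unit of effort as in 02 / Remediation, and the forward/backward blast-radius walk from 03 and 08. The edge layout, the constructed "Legacy Kiosk" branch with its made-up critical weakness WEAK-ISOLATED, the CVSS values and the effort units are all assumptions; CVE-2026-XXXX is the page's own placeholder id.

```python
"""Toy typed enterprise graph: reachability-ranked remediation and blast radius.
Added illustration, not RedAI/Workbench code. Node names follow the page's
illustrative slice; edge layout, CVSS values and effort costs are constructed."""

# Trust edges (amber): (source, target, covering control or None). Constructed.
TRUST_EDGES = [
    ("User", "Auth Proxy", "MFA Policy"), ("Auth Proxy", "API Gateway", None),
    ("Vendor SaaS", "API Gateway", None), ("API Gateway", "App Server", None),
    ("Service Acct", "App Server", None), ("App Server", "DB Server", "Segmentation"),
    ("DB Server", "Customer Records", None),
    ("Legacy Kiosk", "Print Server", None),  # constructed, unreachable branch
]
# Weakness edges (dashed red): id -> (host node, CVSS). CVE-2026-XXXX is the
# page's placeholder id; WEAK-ISOLATED and both scores are made up here.
WEAKNESSES = {"CVE-2026-XXXX": ("App Server", 6.5), "WEAK-ISOLATED": ("Legacy Kiosk", 9.8)}
ENTRY_POINTS = {"User", "Vendor SaaS"}  # externally exposed nodes
CROWN_JEWEL = "Customer Records"
# Candidate fixes: name -> (kind, target, constructed effort units).
FIXES = {
    "patch CVE-2026-XXXX": ("patch", "CVE-2026-XXXX", 2),
    "patch WEAK-ISOLATED": ("patch", "WEAK-ISOLATED", 1),
    "enforce MFA Policy": ("control", "MFA Policy", 3),
    "enforce Segmentation": ("control", "Segmentation", 5),
}

def traversable(effective=frozenset(), reverse=False):
    """Crossable edges: cut only when the covering control is effective; reverse flips direction."""
    adj = {}
    for src, dst, control in TRUST_EDGES:
        if control is None or control not in effective:
            a, b = (dst, src) if reverse else (src, dst)
            adj.setdefault(a, []).append(b)
    return adj

def attack_paths(patched=frozenset(), effective=frozenset()):
    """Simple paths entry -> crown jewel crossing a node with an unpatched
    weakness (the exploit step the attacker needs)."""
    adj = traversable(effective)
    weak = {h for wid, (h, _) in WEAKNESSES.items() if wid not in patched}
    stack, found = [[e] for e in ENTRY_POINTS], []
    while stack:
        path = stack.pop()
        if path[-1] == CROWN_JEWEL:
            if weak & set(path):
                found.append(path)
            continue
        stack.extend(path + [n] for n in adj.get(path[-1], []) if n not in path)
    return found

def rank_fixes():
    """Fixes ranked by attack paths collapsed per unit of effort, best first.
    The critical-CVSS weakness on the unreachable kiosk collapses nothing."""
    baseline, scored = len(attack_paths()), []
    for name, (kind, target, effort) in FIXES.items():
        patched = frozenset([target]) if kind == "patch" else frozenset()
        effective = frozenset([target]) if kind == "control" else frozenset()
        scored.append((name, (baseline - len(attack_paths(patched, effective))) / effort))
    return sorted(scored, key=lambda s: s[1], reverse=True)

def reach(adj, start):
    """Nodes reachable from start over adj (start itself excluded)."""
    seen, frontier = set(), {start}
    while frontier:
        frontier = {m for n in frontier for m in adj.get(n, [])} - seen - {start}
        seen |= frontier
    return seen

def blast_radius(compromised):
    """Forward: what the compromise still puts at risk. Backward: possible ways in."""
    return reach(traversable(), compromised), reach(traversable(reverse=True), compromised)
```

Calling `rank_fixes()` puts the medium-CVSS patch one hop from the data class first and the critical-CVSS patch on the isolated kiosk last, which is the ranking the section argues for.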
The Workbench

RedAI · AI Augmented Security Workbench.

One operator surface for everything below the perspective. Modules that maintain the graph, walk it under attack, and translate findings into the language each audience speaks — engineering, GRC, executive, regulator. Per-turn analytics, automation with a human touch at every gate, and a knowledge layer that recursively improves engagement-over-engagement.

M01
AI model red teaming

14 attack categories aligned to OWASP LLM Top 10 and MITRE ATLAS — prompt injection, jailbreak, system-prompt extraction, data leakage, RAG poisoning, agent tool abuse, model extraction, membership inference.

M02
Vulnerability management

Continuous discovery + Qualys/Tenable normalization onto the typed graph. Prioritization by reachability, blast radius, and exploit availability — not raw CVSS.

M03
Remediation

Graph-reduction planner. Picks the fix set that collapses the most reachable, high-impact paths per unit of effort and routes work to the team that owns the edge.

M04
Incident response

Playbooks executed as graph traversals. Containment recommendations show the cost of each cut. Post-incident: blast radius is queryable, not reconstructed.

M05
GRC & AI governance

SOX, PCI, HIPAA, NIST CSF/AI RMF, EU AI Act, OWASP LLM, MITRE ATLAS — mapped onto graph regions. Compliance posture is graph coverage; gaps are queryable.

M06
Topology & attack-surface

The graph itself, browsable. Hosts, identities, data classes, third parties, controls, weaknesses, TTPs as first-class nodes; trust, exposure, exploit-path, control-effectiveness as edges.

M07
Exploit chain analysis

Multi-step path construction across the graph. Surfaces the chains a real attacker would build before they build them — ranked by feasibility and impact, not theoretical reach.

M08
Threat modeling

System and AI/ML threat models generated from the graph and refined by adjudicated reasoning. STRIDE for systems, MITRE ATLAS for ML, both as first-class outputs.

M09
Threat intelligence

CVE feeds, exploit-availability tracking, vendor advisories, ATT&CK technique correlation. Intelligence lands on the graph as evidence linked to the assets it threatens — not as a separate inbox to triage.

M10
Executive reporting

Audience-appropriate translation. Engineers get reachable paths and PRs. GRC gets control-coverage deltas. Executives get exploitation-velocity vs. remediation-velocity, dollarized.

M11
Brain & knowledge graph

Two-tier memory: vector retrieval for evidence recall, typed graph for attack-path traversal and cross-engagement correlation. Findings persist; the next engagement starts smarter.

M12
OSINT

Continuous open-source collection — certificate transparency, exposed services, code-leak monitoring, credential-dump correlation, dark-web mentions, social-surface attribution. Findings land on the graph with provenance and confidence; every artifact is queryable, not just searchable.

M13
Obsolescence management & remediation

Lifecycle tracking for every node — firmware versions, OS releases, library dependencies, hardware EOL dates, container-image freshness. Obsolescence becomes a graph attribute driving prioritization alongside CVE exposure and reachability. End-of-life is a queryable property, not a spreadsheet.

M14
Blue & purple teaming

Detection engineering, response orchestration, hardening sprints, joint red/blue exercises. Every step logged to the graph — recon move, detection trigger, containment action, debrief note — with operator, timestamp, and reasoning. Audit-grade by construction; purple teams become repeatable regression suites.

P01
Per-turn analytics.

Every agent turn is instrumented — latency, cost, cache state, evidence used, confidence, dissent in adjudication. The signal is granular enough to debug, aggregate enough to govern.

P02
Automation with a human touch.

Humans-in-the-loop at the gates that matter — exploit detonation, customer-facing disclosure, irreversible remediation, model deployment. Automation handles the toil. Operators handle the judgment.

P03
Recursively improving.

Findings, dead ends, hypotheses, and patterns persist to the knowledge graph. The next engagement inherits the last one. Each scan makes the next scan smarter; each disclosure makes the next disclosure faster.

P04
Identity-aware operations.

Plugs into Okta, Ping, Microsoft Entra ID (Azure AD), or any SAML/OIDC IdP. Findings, tickets, and approvals route by verified identity — the right finding to the right owner, the right gate to the right reviewer, the audit trail carrying real identity instead of free-text names. Smart triage is identity-aware by default.

F01
Per-model fluency.

Each frontier family has shape. Claude’s extended thinking and structured prompt-cache hierarchy. OpenAI’s o-series chains and structured outputs. xAI Grok’s real-time data access. Gemini’s million-token context and multimodal grounding. Gemma and local Ollama for air-gapped inference with controlled quantization. The Workbench plays each to its strength — not one model used six ways, six models used one way each.

F02
Context economics.

Context windows aren’t free, and they aren’t equal. Prompt-cache discipline, stable prefix design, retrieval over re-prompt, and per-turn cache-hit telemetry are how a fleet of 500+ tools stays economically defensible. The fleet’s bill reconciles to the dollar because every turn knows what it paid for and what it reused.

F03
Redaction & sanitization.

Nothing reaches a frontier model without going through the hygiene layer. PII, secrets, credentials, and regulated data redacted at ingress; markdown-injection vectors stripped; zero-width and homoglyph characters normalized; HTML and script content from retrieved documents sanitized. Defense against accidental disclosure and indirect prompt injection in one pass — before the bill is paid for the call.

F04
Semantic extraction.

Raw logs, raw PCAPs, raw firmware blobs, raw 10MB reports — the naive move is to dump them into context. The disciplined move is extract the semantic essence first: entities, claims, structured facts, top-K anomalies, code symbols, finding deltas. 10–100× token reduction with no loss in reasoning quality on the questions that actually matter. The bill goes down; the signal goes up.

F05
Reasoning modes, picked deliberately.

Extended thinking, o-series chains, and judge panels aren’t universally better — they’re slower and more expensive. Some security tasks demand multi-step reasoning; some are better served by a fast deterministic response refined by a judge. Per-task routing chooses the right mode; per-turn analytics prove the choice was right and surface drift when it stops being.

F06
Hybrid panels via Quorum.

A single frontier model is a single point of failure on a single class of bias. Quorum runs heterogeneous adjudication — different model families voting on the same security question with task-appropriate ensembles. Dissent is logged, not silenced. Higher confidence when the panel converges; faster human review when it doesn’t.

F07
Multi-threaded by default.

Naive agent loops serialize — one call, wait, next call. The Workbench fans out: independent steps run concurrently across providers, models, and tools, with the orchestrator owning budget, retries, and lineage so concurrency doesn’t mean chaos. Wall-clock drops from hours to minutes on broad scans; batch-API economics kick in where providers support them. Time and cost both move the right direction.

F08
MCP as the durable abstraction.

Models change every quarter; the Workbench’s tool surface doesn’t. Every module is exposed as MCP, callable from any frontier provider that speaks the protocol — and the major ones do. The investment compounds in the tools, not in vendor-specific glue. Vendor risk is structurally bounded.

F09
Anthropic Cyber Verification Program.

Member of Anthropic’s Cyber Verification Program — direct collaboration on frontier-model security evaluation. The discipline the Workbench applies internally to every adjudication is the same discipline carried into frontier safety work upstream.

About

Engineering and security research.

12+ years across cloud architecture, application security, and AI/ML engineering.

Creator and operator of the AI Augmented Security Workbench (RedAI) — 500+ MCP tools, multi-provider native across Claude, OpenAI, xAI, Gemini, Gemma, and local Ollama, with Quorum multi-model adjudication, RAG knowledge-graph memory, full per-turn cost/latency observability, and air-gapped local inference — plus the open-source MCP servers, control plane, and embedded libraries underneath it.

Recent independent work credited in CISA federal advisories, covered in SecurityWeek, and coordinated with CERT/CC and Idaho National Laboratory. Member of Anthropic's Cyber Verification Program.

12+ years engineering and architecture · 10 CVEs published via CISA / CERT · 5 open-source MCP & tooling repos · 500+ MCP tools shipped in the Workbench
Selected Work

Things I’ve built and shipped.


gr0m-agents

Pre-release / WIP

Multi-agent coding-team scaffold built around Anthropic's "When AI builds itself" operating model. An orchestrator delegates to explorer, implementer, and tester subagents; an automated reviewer gates every merge. A triage layer routes each task to the right model tier — Codex, Gemini, Ollama, or any CLI backend.

Multi-agent · Claude Code · MIT

gr0m_mem

Open source

Zero-install persistent memory MCP server. Gives Claude and other MCP-compatible agents a durable knowledge layer across sessions. pip install gr0m-mem

MCP · Python · MIT

mac-mcp

Open source

Native macOS control for Claude Desktop and other MCP clients. Swift + AppKit + Accessibility + OSAKit. Window management, app focus, file system, screenshots, scripting bridges.

MCP · Swift · Accessibility

linux-mcp

Open source

Native Linux control via MCP. 32 typed allow-listed tools covering shell, filesystem, X11/Wayland windowing, processes, and clipboard. Companion to mac-mcp.

MCP · Rust · X11/Wayland

tailnet-mcu

Open source

Join an ESP32 or Raspberry Pi Pico W to your Tailscale network over WireGuard. Mutually exclusive Wi-Fi / BLE radio modes, an optional subnet-router tunnel, and a constant-time token-gated service transport — reachable across your tailnet, never the public internet.

Arduino · WireGuard · Tailscale

claude-dev-hardware

Open source

A fork of Anthropic's claude-desktop-buddy: ESP32 (M5StickC Plus) firmware that turns a 3D-vector desk pet into a hardware permission remote for Claude Code. WiFi + WireGuard, a multi-transport bridge (serial / BLE / LAN / VPN), and an MCP control surface with GPIO and a single-channel logic analyzer.

ESP32 · MCP · PlatformIO

vince-client

Open source

Python client for the CERT/CC VINCE coordinated-disclosure platform. Case management, archiving, and change detection — built during a multi-month coordinated disclosure to keep an auditable local history of every case update.

Python · VINCE API · CERT/CC

Glasswing & the shorter risk cycle

Whitepaper · 2026

Co-authored Capco Intelligence piece on Anthropic’s Project Glasswing — AI-accelerated vulnerability discovery and what compressed flaw-to-exploit timelines mean for patching, prioritization, and response in financial services.

Capco · AI Security · FS Risk
Experience

12 years of engineering across financial services, management consulting, security, and enterprises.

Sep 2025 — Present
Principal Consultant — Capco, Technology & Engineering

Technical PM on an M&A-driven M365 migration (identity, Exchange, SharePoint, Teams) — zero downtime, ~40% cost cut. Architected a serverless M365-native AI pipeline (Azure Functions + Azure AI Search RAG + Copilot Studio) and made internal services ChatGPT-native via Custom GPTs and OpenAPI Actions. Built AI solutions for financial-services clients cutting manual work ~60%. Stood up the engineering lab for MCP/Claude agent development.

M365 · Azure Functions · Azure AI Search · Copilot Studio · MCP · OpenAI Codex
Oct 2024 — Present
Independent Consulting — Security Research & Software Engineering

Conducted full-stack vulnerability research on a consumer IoT ecosystem — firmware, mobile app, cloud API, and administrative endpoints — resulting in a CISA-published federal advisory. Built legal-automation systems (Google Apps Script + Rust) for a law firm covering eCourts case monitoring, Clio CRM integration, Google Calendar due-date sync, and automated court-rules compliance. Operating the AI Augmented Security Workbench — Quorum multi-model adjudication, RAG knowledge-graph memory, cost/latency observability, and agent-based orchestration for vulnerability management, remediation, incident response, GRC, and AI model red teaming.

Vulnerability research · CISA/CERT · Python · Rust · MCP · Claude API
Aug 2023 — Jul 2024
Change Management Lead — JPMorgan Chase, Wealth Management

Architected M365 solutions (Power Platform, Teams, SharePoint Online) to enhance collaboration and operational scalability within J.P. Morgan Wealth Advisors. Migrated SharePoint sites from legacy environments, improving document organization and advanced search via CAML/KQL. Owned end-to-end design and maintenance of SharePoint Online sites, document libraries, and pages — pioneering data governance and user adoption practices.

SharePoint Online · Power Platform · CAML/KQL · Governance
Sep 2022 — Aug 2023
Change Management Lead — First Republic Bank, Private Wealth

Re-architected the intranet UX in M365 post-JPMorgan acquisition, refining content management via enterprise meta-attributes and advanced indexing. Oversaw post-acquisition document migration enforcing RASCI-based governance. Built PowerApps with third-party API integrations, centralizing data and aligning with Dynamics 365 to unify the bank’s technology stack.

M365 · PowerApps · Dynamics 365 · RASCI
Jan 2019 — Mar 2021
Director of Information Technology — Brosnan Risk Consultants

Led application architecture for an ERP platform: front- and back-end enhancements, API integration, data normalization, and secure cloud deployments. Deployed and managed 2,000+ encrypted mobile devices (Android/iOS) under Samsung Knox and IBM MaaS360. Architected a Dynamics 365 ticketing system for 200+ users integrating Azure AD, Power Automate, SQL Server, and AWS Lambda data pipelines.

ERP architecture · Dynamics 365 · Samsung Knox · AWS Lambda
Oct 2015 — Dec 2017
Director of Information Technology — Enzo Custom Clothiers

Deployed a web-based operations platform on Salesforce integrating CRM, ERP, and POS with REST APIs to overseas production facilities. Built full Cisco Meraki network infrastructure across retail locations with dual-factor auth, domain whitelisting, and USB access controls.

Salesforce · REST APIs · Cisco Meraki
Sep 2012 — Oct 2015
Senior Manager — C&A Consulting LLC

Designed and installed secure network infrastructures ensuring PCI and FINRA compliance across financial and legal client environments. Provided risk assessments and security guidance, employing MDM, endpoint management, and remote device wiping for sensitive data protection.

PCI/FINRA · Network architecture · MDM
Education & Certifications

Foundations and continuing credentials.

Education

Columbia Engineering, Software Development / Full Stack Engineering, 2022
Bergen County Technical Academies, Engineering, 2004 — 2008

Certifications

GenAI Responsible AI · AWS Solutions Architect — Associate · Salesforce Administrator · Google Analytics · Salesforce Developer · Cisco / Adobe Academies — Web Development

Get in touch

Open to interesting work.

Engineering, AI platform builds, security research, speaking.

Email is fastest. Encrypted alternatives on request.