╔══════════════════════════════════════════════════════╗
║ astitva@github:~$ whoami ║
║ > Lead AppSec Engineer. Security tooling builder. ║
║ > 6 years breaking things. Now building what's ║
║ missing. ║
╚══════════════════════════════════════════════════════╝
By day — product security at OutSystems: threat modeling, vulnerability management, HackerOne, and an internal agentic pipeline that automates the parts of AppSec that shouldn't need humans.
By night — open-source security tooling at the intersection of AppSec and AI agents.
🔴 Paranoid
LLM-powered iterative threat modeling CLI
STRIDE · MAESTRO · DREAD scoring · Multi-provider (Anthropic / OpenAI / Ollama) · Async Python
Built because threat modeling is critical and consistently under-resourced. Paranoid makes it fast enough to actually happen.
Targeting DEF CON Arsenal · null India · Nullcon
MCP server for token-efficient AI coding agent context
Go · SQLite FTS5 · Tree-sitter · 11 languages · v1.0.0
Gives AI coding agents structured, token-efficient codebase context — with blast radius detection, dead code analysis, and hybrid search. Zero-dependency binary.
Languages → Go · Python · (some JS when necessary)
AppSec → Burp Suite Pro · Checkmarx · Semgrep · Wiz ·
AI / Agents → Anthropic API · LangGraph · MCP Protocol · Ollama
DevSecOps → GitHub Actions · Docker · K8s · AWS · Azure
Frameworks → STRIDE · MAESTRO · OWASP ASVS · NIST AI RMF · GDPR · DPDPA
📍 India · Open to remote roles
"Security that doesn't ship doesn't secure anything."


