Security | Financial (credit card, securities, guarantee)

Security assessment and penetration testing

Risk assessment under OWASP Top 10, PCI DSS, and FISC standards — with findings monetized as business risk and delivered as executive-level reporting for investment prioritization.

Comprehensive assessment of web apps, APIs, and infrastructure from an attacker's perspective. Threat modeling and risk prioritization — translated into business language for executive decision-making.

  • Over ¥1.2B in potential loss exposure identified and remediated; zero data breach incidents across all 10 engagements.
  • PCI DSS, FSA guidelines, and FISC standards: 100% compliance achieved across all engagements.
Pentest, Security, Financial

Data | Finance, insurance, manufacturing, healthcare, ad agencies, consumer brands

Secure data infrastructure design as the foundation for AI systems

AI and ML systems are only as trustworthy as the data they run on. Most clients had pipelines optimized for reporting speed — without the access controls, data lineage, or governance that production AI requires.

Designed data infrastructure with AI readiness and security as first principles: governed pipelines, access-controlled DWH architecture, and reproducible ETL. The same foundations power both analytics and AI model training.

  • Monthly dashboard creation automated from 130 hours to zero; ad reporting from 20 hours/week to 2 hours.
  • CPA reduced by 32% through cross-channel attribution; credit scoring accuracy improved from 60% to 76%.
Data, AI Infrastructure, Governance, Security

AI | Finance, insurance, manufacturing, healthcare, media, advertising, education

ML and generative AI — supervised, unsupervised, and generative

In supervised ML, credit scoring accuracy was low and manual review was unsustainable at 800 hours/month. In generative AI, most projects stalled at PoC — root causes were undefined human×AI responsibility boundaries and missing evaluation metrics, not model capability.

Supervised ML for credit scoring and LTV prediction; causal inference for marketing attribution. For generative AI: defining human×AI boundaries and evaluation metrics before writing any code. RAG and agentic systems designed with security from the ground up — because we know where the attacks come from.

  • Credit scoring balanced accuracy improved from 60% to 76%; manual review reduced from 800 to 50 hours/month.
  • RAG retrieval precision improved from 0.72 to 0.91; AI-assisted review time reduced from 2 hours to 15 minutes per case.
ML, GenAI, RAG, ZeroTrust

OSS

Open source security tools and developer utilities — MIT licensed, built in public.
