AI Security · AI Safety · Red Teaming
Adrian Infantes
AI Security Engineer
I protect AI systems from the attacks that haven't been invented yet.
About
I build and break AI systems for one of Europe's largest banks. 6+ years at the intersection of AI Engineering and Offensive Security, specialized in Financial Crime environments: AML, Sanctions Screening, KYC/KYB, and Transaction Monitoring. I evaluate, attack, and fortify Foundation Models, RAG pipelines, and Agentic Systems in regulated banking production.
From the math behind the Transformer to the attack surface of the autonomous agent -- first-principles thinking applied to making AI systems secure by design.
⟩ The system behind every commit
Powered by A.R.C.A
I do not just talk about agentic adversarial AI -- I run on one.
A.R.C.A is the personal agentic orchestration layer I built on top of Claude Code. 49 specialized agents (Opus + Sonnet), a 14-cycle ML pipeline across 47 phases, 45 enforcement hooks wired across 11 lifecycle events, 58 slash commands and 20 MCP servers — pure configuration, no runtime. Every line of code on this site, every red-team exercise, every project below passed through its gates before reaching main.
Documented decisions
Every architectural choice ships with a Nygard ADR. 47 numbered records, 36 active across architecture, security, governance and the meta-system itself. Each one lists context, alternatives weighed and consequences.
Adversarial gate chain
math-critic -> debt-detector -> code-critic -> chief-architect. Producing agents (ml/dl/ai-engineer) cannot reach code-critic without math-critic signing off first. 45 bash hook entries wired across PreToolUse / PostToolUse enforce the chain — bypass leaves an audit trail.
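What such a gate looks like in practice, as an added illustration rather than A.R.C.A's own hook code: a PreToolUse hook that refuses to dispatch a critic until every earlier critic in the chain has signed off on the same artifact, and a PostToolUse hook that records those sign-offs. It assumes the Claude Code hook contract (one JSON event on stdin carrying `tool_name` and `tool_input`; exit 0 allows the call, exit 2 blocks it and returns stderr to the model), that critics are invoked through the `Task` tool with `subagent_type` set to the critic's name, and that the `artifact` and `verdict` fields are conventions of this example, not something the page specifies. The sign-off ledger and audit log are in-memory here; a real hook would persist both under the project directory.

```python
"""Critic-chain gate in the style of a Claude Code PreToolUse/PostToolUse hook.

Added example, not A.R.C.A's own hooks. Assumed: the hook event shape
({"hook_event_name", "tool_name", "tool_input", "tool_response"}), exit 0 =
allow, exit 2 = block, the "Task" tool with "subagent_type", and the
"artifact"/"verdict" fields used to key sign-offs (conventions of this example).
"""
import json
import sys
from datetime import datetime, timezone

# Critic order as stated on the page: a stage may run only after every
# earlier stage has signed off on the same artifact.
CHAIN = ["math-critic", "debt-detector", "code-critic", "chief-architect"]
ALLOW, BLOCK = 0, 2


def missing_signoffs(target, signed):
    """Critics that precede `target` in the chain and have not yet signed off."""
    if target not in CHAIN:
        return []                       # not a gated stage: nothing required
    return [c for c in CHAIN[:CHAIN.index(target)] if c not in signed]


def _task_fields(event):
    tool_input = event.get("tool_input") or {}
    return tool_input.get("subagent_type"), tool_input.get("artifact", "<unspecified>")


def pre_tool_use(event, ledger, audit):
    """Gate a Task dispatch. Every decision, allowed or blocked, lands in the audit."""
    if event.get("tool_name") != "Task":
        return ALLOW
    target, artifact = _task_fields(event)
    missing = missing_signoffs(target, ledger.get(artifact, set()))
    audit.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "hook": "PreToolUse", "target": target, "artifact": artifact,
        "missing": missing, "decision": "block" if missing else "allow",
    })                                  # a bypass attempt is recorded right here
    return BLOCK if missing else ALLOW


def post_tool_use(event, ledger, audit):
    """Record a critic's approval. Sign-offs are only ever added, never erased."""
    if event.get("tool_name") != "Task":
        return ALLOW
    target, artifact = _task_fields(event)
    response = event.get("tool_response")
    verdict = response.get("verdict") if isinstance(response, dict) else None
    if target in CHAIN and verdict == "approve":
        ledger.setdefault(artifact, set()).add(target)
    audit.append({"ts": datetime.now(timezone.utc).isoformat(), "hook": "PostToolUse",
                  "target": target, "artifact": artifact, "verdict": verdict})
    return ALLOW


def run_scenario():
    """Constructed sequence: a producer tries to jump straight to code-critic."""
    ledger, audit = {}, []
    artifact = "models/aml_scorer.py"   # constructed artifact name

    def task(subagent):
        return {"tool_name": "Task",
                "tool_input": {"subagent_type": subagent, "artifact": artifact}}

    decisions = [pre_tool_use(task("code-critic"), ledger, audit)]        # blocked: nothing signed
    pre_tool_use(task("math-critic"), ledger, audit)                       # first stage, allowed
    post_tool_use({**task("math-critic"), "tool_response": {"verdict": "approve"}}, ledger, audit)
    decisions.append(pre_tool_use(task("code-critic"), ledger, audit))    # blocked: debt-detector missing
    post_tool_use({**task("debt-detector"), "tool_response": {"verdict": "approve"}}, ledger, audit)
    decisions.append(pre_tool_use(task("code-critic"), ledger, audit))    # allowed
    return decisions, audit


if __name__ == "__main__":
    # Stand-alone run prints the audit trail of the constructed scenario.
    _, trail = run_scenario()
    for entry in trail:
        print(json.dumps(entry), file=sys.stderr)
```

Wired as a real hook, the script would `json.load(sys.stdin)`, pick `pre_tool_use` or `post_tool_use` from `hook_event_name`, and `sys.exit` with the returned code; the blocked attempts in the scenario are the audit trail the page refers to.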
Pipeline discipline
14 ML cycles, 47 phases, one blocking gate at every exit — from C1 Discovery to C14 Sunset. No cycle closes without its mandatory artifact (Excalidraw diagram in C1/C4/C6/C10/C12, ADR in C4, model sign-off in C8, rollback plan in C10).
Experience
From data pipelines to AI security architecture
AI Security Architect
BBVA Technology
Protecting AI systems in European banking from adversarial attacks
Designed the AI Safety architecture (HLD/LLD) for sensitive data processing in Financial Crime environments -- AML, KYC/KYB, and Transaction Monitoring pipelines -- combining NVIDIA infrastructure (DGX + Triton) with Azure Confidential Computing.
- Led AI Red Teaming: 206+ attack vectors evaluated, 7 critical findings remediated pre-deploy
- MLSecOps end-to-end: security gates in CI/CD, Zero Trust, Defense-in-Depth architecture
- Hybrid on-premise + cloud architecture with GDPR and banking regulation compliance
AI/ML Engineer
BBVA Technology
Building secure RAG and fraud detection for financial crime prevention
Design, development and deployment of AI systems with integrated AI Safety for regulated financial sector environments, combining on-premise GPU clusters and AWS (SageMaker, Bedrock).
- Secure RAG with guardrails (GraphRAG, Self-RAG) on sensitive documentation using FAISS + Elasticsearch
- NLP pipelines processing 10M+ interactions/year -- ASR, diarization, sentiment analysis
- Fraud detection ensemble models (XGBoost + Transformers) on 50K documents/day
Machine Learning Engineer
Ecoembes
Automating waste classification with computer vision and edge AI
Technological modernization of waste sorting plants using hybrid cloud + Edge AI architectures, automating classification, logistics optimization and operational analytics.
- Real-time CV classification system: 12 waste types, 85% accuracy, 45K images/hour, <100ms latency
- Logistics optimization: heuristic route algorithms migrated to cloud, -25% km traveled
- NLP assistant: migrated legacy to BERT multilingual, +40% precision in citizen queries
Data Scientist
Capgemini
Modernizing analytics with cloud data pipelines on AWS
Contributed to the design and modernization of analytical solutions on AWS, working on data pipelines, predictive modeling, BI and automation.
- Data Lake & ETL: consolidated 10+ data sources into S3 with Python and Boto3
- Predictive modeling with scikit-learn for product adoption forecasting
- Serverless automation with AWS Lambda, saving 10 hours/week per analyst
Featured Projects
10+ projects across 3 industry sectors
Tech Stack
Tools I use to build and secure AI systems
AI Security
AI/ML
LLMs & Agents
NVIDIA
Infrastructure
Languages
Breaking the Model
Two angles on adversarial attacks against Foundation Models
Point cloud projection of skill embeddings. Click "inject attack" to watch the adversarial pulse corrupt the manifold.
Every Foundation Model encodes its knowledge as points in a high-dimensional space. Attacks don't target text -- they target the manifold.
Cluster topology
Skills and concepts group into semantic regions. NLP, CV, RAG, Agents, Safety -- each is its own neighborhood in the embedding space.
Adversarial perturbation
A crafted input is shifted by a perturbation too small for a human to notice, yet it lands in a region the model classifies completely differently.
Manifold corruption
Click 'inject attack' to watch the pulse propagate through the cluster topology. This is the geometric picture behind jailbreaks, prompt injection, and evasion attacks.
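The geometry above, worked through on a toy, as an added example that is not the page's visualization code: two semantic neighbourhoods are centroids in a constructed 16-dimensional embedding space, the nearest-centroid rule between them is the hyperplane `w.x + b = 0`, and the smallest move that flips a point's class is the projection onto that hyperplane along `w` plus a hair of overshoot. That is the single-step linear case of the DeepFool construction. The embeddings, centroids and dimension are assumptions of the example; the lesson is the ratio it returns: the flip costs `|w.x + b| / ||w||`, which is small against `||x||` whenever most of `x` lies in directions orthogonal to `w`, and in high dimension almost all of it does.

```python
"""Minimal-norm perturbation that crosses a linear decision boundary in a
toy embedding space. Added example; embeddings and centroids are constructed."""
import math

D = 16  # toy embedding dimension (assumed)


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def norm(a):
    return math.sqrt(dot(a, a))


# Two of the page's neighbourhoods as centroids (constructed values).
CENTROIDS = {
    "Safety": [2.0] + [0.0] * (D - 1),
    "Agents": [-2.0] + [0.0] * (D - 1),
}


def linear_boundary(c_pos, c_neg):
    """Nearest-centroid rule rewritten as w.x + b > 0  <=>  closer to c_pos.

    ||x-c_pos||^2 < ||x-c_neg||^2 reduces to 2 x.(c_pos-c_neg) > ||c_pos||^2 - ||c_neg||^2.
    """
    w = [p - n for p, n in zip(c_pos, c_neg)]
    b = -(dot(c_pos, c_pos) - dot(c_neg, c_neg)) / 2.0
    return w, b


W, B = linear_boundary(CENTROIDS["Agents"], CENTROIDS["Safety"])


def classify(x):
    return "Agents" if dot(W, x) + B > 0 else "Safety"


def minimal_flip(x, w=W, b=B, overshoot=1e-3):
    """Smallest L2 step that changes the class: move -score/||w||^2 along w,
    then a fraction `overshoot` further so the point is strictly past the boundary."""
    score = dot(w, x) + b
    scale = -score / dot(w, w) * (1.0 + overshoot)
    delta = [scale * wi for wi in w]
    x_adv = [xi + di for xi, di in zip(x, delta)]
    return x_adv, delta


def demo():
    """Constructed 'Safety' embedding: weakly aligned with w, spread over the other axes."""
    x = [0.4] + [1.0] * (D - 1)
    x_adv, delta = minimal_flip(x)
    return classify(x), classify(x_adv), norm(delta) / norm(x)


if __name__ == "__main__":
    before, after, ratio = demo()
    print(f"{before} -> {after} with ||delta||/||x|| = {ratio:.3f}")
```

Only the coordinate along `w` changes; every other coordinate, which is where almost all of the input's mass sits, is untouched, which is why the perturbation is imperceptible relative to the input yet decisive for the classifier.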
Does Adrian Fit Your Role?
Paste a job description and our AI analyzes the match against Adrian's real profile -- projects, experience, skills, and certifications.
$ job_match --analyze
Education
Universidad Camilo Jose Cela
BS Double Degree Computational Mathematics & Computer Science
spec: Artificial Intelligence
MIOTI | Tech & Business School
Master's Degree, Gen AI & Deep Learning
MIOTI | Tech & Business School
Master's Degree, Big Data & Data Science
U-tad
CFGS Administración de Sistemas Informáticos en Red (ASIR) -- higher vocational diploma in networked IT systems administration
$ Certifications
GitHub Activity
Open source contributions and personal projects
$ gh repo list --sort updated
Generate your own ARCA — a Claude Code agent orchestrated by 59 specialist subagents, skills, hooks and pipelines.
A.R.C.A. — Adversarial multi-agent system for ML/AI engineering. Landing page for Anthropic Fellows program 2026.
Kaggle competitions — one subdirectory per challenge