
AI Security · AI Safety · Red Teaming

Adrian Infantes

AI Security Engineer

I protect AI systems from the attacks that haven't been invented yet.

  • BBVA Technology · Production banking
  • 206+ · Attack vectors tested
  • Kaggle Master · Competitive ML
  • HackTheBox Top 800 · Security practice

About

Adrian Infantes in a data center

I build and break AI systems for one of Europe's largest banks. 6+ years at the intersection of AI Engineering and Offensive Security, specialized in Financial Crime environments: AML, Sanctions Screening, KYC/KYB, and Transaction Monitoring. I evaluate, attack, and fortify Foundation Models, RAG pipelines, and Agentic Systems in regulated banking production.

From the math behind the Transformer to the attack surface of the autonomous agent -- first-principles thinking applied to making AI systems secure by design.

  • 6+ · Years building AI systems
  • 206+ · Attacks on Foundation Models
  • 800 · HackTheBox global rank
  • -20% · Latency in prod banking
  • -35% · Infrastructure costs
  • 45K · Images/hour real-time CV

The system behind every commit

A.R.C.A

Powered by A.R.C.A

I do not just talk about agentic adversarial AI -- I run on one.

A.R.C.A is the personal agentic orchestration layer I built on top of Claude Code. 49 specialized agents (Opus + Sonnet), a 14-cycle ML pipeline across 47 phases, 45 enforcement hooks wired across 11 lifecycle events, 58 slash commands and 20 MCP servers — pure configuration, no runtime. Every line of code on this site, every red-team exercise, every project below passed through its gates before reaching main.

  • 49 · specialized agents
  • 97 · skills catalog
  • 47 · architecture decisions
  • 14 · ML pipeline cycles

01

Documented decisions

Every architectural choice ships with a Nygard ADR. 47 numbered records, 36 active across architecture, security, governance and the meta-system itself. Each one lists context, alternatives weighed and consequences.

02

Adversarial gate chain

math-critic -> debt-detector -> code-critic -> chief-architect. Producing agents (ml/dl/ai-engineer) cannot reach code-critic without math-critic signing off first. 45 bash hook entries wired across PreToolUse / PostToolUse enforce the chain — bypass leaves an audit trail.

03

Pipeline discipline

14 ML cycles, 47 phases, one blocking gate at every exit — from C1 Discovery to C14 Sunset. No cycle closes without its mandatory artifact (Excalidraw diagram in C1/C4/C6/C10/C12, ADR in C4, model sign-off in C8, rollback plan in C10).

  • 2nd Place Hack a Boss · Python Hackathon
  • Speaker OMEN League · Featured speaker
  • Talent4Cyber · CiberEspacio contributor

Experience

From data pipelines to AI security architecture

Jan 2026

AI Security Architect

BBVA Technology

Jan 2026 -- Present · Madrid, Spain

Protecting AI systems in European banking from adversarial attacks

  • -20% · Latency
  • -35% · Costs
  • 206+ · Attacks tested

Designed the AI Safety architecture (HLD/LLD) for sensitive data processing in Financial Crime environments -- AML, KYC/KYB, and Transaction Monitoring pipelines -- combining NVIDIA infrastructure (DGX + Triton) with Azure Confidential Computing.

  • Led AI Red Teaming: 206+ attack vectors evaluated, 7 critical findings remediated pre-deploy
  • MLSecOps end-to-end: security gates in CI/CD, Zero Trust, Defense-in-Depth architecture
  • Hybrid on-premise + cloud architecture with GDPR and banking regulation compliance

AI Safety · Red Teaming · MITRE ATLAS · OWASP LLMs · PyRIT · Garak · NVIDIA DGX · Triton · Azure TEEs · MLSecOps · Zero Trust · Kubernetes

Jan 2024

AI/ML Engineer

BBVA Technology

Jan 2024 -- Jan 2026 · Madrid, Spain

Building secure RAG and fraud detection for financial crime prevention

  • +15% · Retrieval precision
  • +22% AUC · Fraud detection
  • -40% · Time-to-market

Design, development and deployment of AI systems with integrated AI Safety for regulated financial sector environments, combining on-premise GPU clusters and AWS (SageMaker, Bedrock).

  • Secure RAG with guardrails (GraphRAG, Self-RAG) on sensitive documentation using FAISS + Elasticsearch
  • NLP pipelines processing 10M+ interactions/year -- ASR, diarization, sentiment analysis
  • Fraud detection ensemble models (XGBoost + Transformers) on 50K documents/day

LLMs · RAG · GraphRAG · LangChain · PyTorch · NLP · Transformers · XGBoost · MLflow · AWS SageMaker · Bedrock · Docker · EKS

Feb 2020

Machine Learning Engineer

Ecoembes

Feb 2020 -- Jan 2024 · Madrid, Spain

Automating waste classification with computer vision and edge AI

  • 45K img/h · Throughput
  • <100ms · Latency
  • -18% · CO2 footprint

Technological modernization of waste sorting plants using hybrid cloud + Edge AI architectures, automating classification, logistics optimization and operational analytics.

  • Real-time CV classification system: 12 waste types, 85% accuracy, 45K images/hour, <100ms latency
  • Logistics optimization: heuristic route algorithms migrated to cloud, -25% km traveled
  • NLP assistant: migrated legacy to BERT multilingual, +40% precision in citizen queries

Computer Vision · PyTorch · ONNX · Edge AI · SageMaker · BERT · NLP · IoT · Docker · MLOps · CI/CD

Jan 2019

Data Scientist

Capgemini

Jan 2019 -- Feb 2020 · Madrid, Spain

Modernizing analytics with cloud data pipelines on AWS

  • -30% · Analysis cycle
  • -35% · Query time
  • +20% · Forecast accuracy

Contributed to the design and modernization of analytical solutions on AWS, working on data pipelines, predictive modeling, BI and automation.

  • Data Lake & ETL: consolidated 10+ data sources into S3 with Python and Boto3
  • Predictive modeling with scikit-learn for product adoption forecasting
  • Serverless automation with AWS Lambda, saving 10 hours/week per analyst

Python · AWS S3 · Lambda · RDS · scikit-learn · Tableau · QuickSight · ETL · PostgreSQL

Featured Projects

10+ projects across 3 industry sectors

Tech Stack

Tools I use to build and secure AI systems

AI Security

MITRE ATLAS · OWASP LLMs · Adversarial ML · PyRIT · Garak · Threat Modeling · Fuzzing · Red Teaming

AI/ML

PyTorch · Transformers · Deep Learning · scikit-learn · XGBoost · Computer Vision · NLP · ONNX

LLMs & Agents

LangGraph · LangChain · AutoGen · RAG · GraphRAG · Self-RAG · ReAct · FAISS

NVIDIA

DGX · TensorRT-LLM · Triton · NIM · CUDA · cuDNN · Quantization · FP8/INT8/AWQ

Infrastructure

Kubernetes · Docker · AWS · Azure · GCP · MLflow · CI/CD · Zero Trust

Languages

Python · C++ · CUDA · TypeScript · SQL · Bash

Breaking the Model

Two angles on adversarial attacks against Foundation Models

[Interactive 3D visualization (desktop only): point cloud projection of skill embeddings, dim: 1800 · proj: 3D. Clusters: NLP · CV · RAG · Agents · Safety. Click "inject attack" to watch the adversarial pulse corrupt the manifold.]

Every Foundation Model encodes its knowledge as points in a high-dimensional space. Attacks don't target text -- they target the manifold.

01

Cluster topology

Skills and concepts group into semantic regions. NLP, CV, RAG, Agents, Safety -- each is its own neighborhood in the embedding space.

02

Adversarial perturbation

A crafted input moves by a vector humans can't perceive, yet lands in a region the model classifies completely differently.

03

Manifold corruption

Click 'inject attack' to watch the pulse propagate through the cluster topology. This is how jailbreaks, prompt injection, and evasion attacks work at the geometric level.

206+ attack vectors documented. 7 critical findings remediated pre-deploy at BBVA.

Does Adrian Fit Your Role?

Paste a job description and our AI analyzes the match against Adrian's real profile -- projects, experience, skills, and certifications.


Education

🎓

Universidad Camilo Jose Cela

BS Double Degree Computational Mathematics & Computer Science

spec: Artificial Intelligence
🧠

MIOTI | Tech & Business School

Master's Degree, Gen AI & Deep Learning

📊

MIOTI | Tech & Business School

Master's Degree, Big Data & Data Science

🖥️

U-tad

CFGS Administracion de Sistemas Informaticos en Red (ASIR)

$ Certifications

AI-102: Azure AI Solution Design LangChain for LLM Application Development Certificate AI Engineer Track Linear Algebra for ML & Data Science OSINT Fundamentals

Let's Talk

Looking for an AI Security Engineer who builds and breaks AI systems? Drop a message.


Your message is sent via Formsubmit. No tracking, no spam.

or find me at

Madrid, Spain