Security engineering, AI-native tooling, civic data. Based in Exeter.
I build security tools that reason about code instead of pattern-matching it, and civic infrastructure that puts public data where the public can use it. Most of my time goes to Arbiter Security, a two-product platform for finding real vulnerabilities in web applications and binaries. The rest goes to open source and to projects I think the country needs and nobody else is building.
AI-native offensive security tools, built in Rust.
Two closed-source products exposed as MCP servers for AI agents. Arbiter infers how a web application works, finds where it breaks across 52 vulnerability classes, and verifies every exploit in a real browser. Aletheia loads PE/ELF/Mach-O binaries, lifts to SSA-form IR, decompiles to typed C, and finds vulnerabilities across 14 CWE classes with concolic falsification and machine-checkable proofs.
A live dashboard of UK economic constraint.
Open-source civic data project commissioned by Looking For Growth. Markets, fiscal headroom, labour resilience, and growth delivery rolled into a single 0–100 score, recomputed nightly from primary sources (OBR, ONS, BoE, DMO). Every figure is sourced; the methodology and the codebase are public.
Code intelligence and supply-chain verification, in Rust.
Narsil-MCP is a code-intelligence MCP server with 90+ tools for AI coding agents, published on crates.io, npm, and Homebrew. Veilguard is a clean-room SecureDrop rebuild. Sanctum is a supply-chain verification tool for the post-XZ-Utils threat model. All three are open source.