About

Most of my output is in three areas, in roughly this order of time spent.

Security tooling. Arbiter and Aletheia are the headline projects. Both are written from scratch in Rust, both are MCP-first, and both exist because the security tools I had to use as an operator weren’t built for the world AI agents now operate in. Heuristics aren’t reasoning. Pattern-matching isn’t constraint inference. Real verification requires a real browser and a real interpreter, not a string match.

Beyond Arbiter, I maintain a handful of open-source security tools — Narsil-MCP for code intelligence, Veilguard as a clean-room SecureDrop rebuild, Sanctum for supply-chain verification. These exist because I keep wanting them to exist; the commercial logic is incidental.

Civic data and tooling. Tightrope Tracker is the most visible civic project: a live, sourced dashboard of UK fiscal and economic constraint, built for Looking For Growth UK. There’s adjacent work — fixingbritain.com, Britain Builders — and a steady throughline of making the data public, primary, and verifiable rather than mediated through op-eds. I don’t think the UK has a data problem. I think it has an attention problem, and the data is part of the fix.

Research-shaped side projects. I have an on-and-off interest in compute-in-memory architectures for LLM inference, in formal methods for security properties, and in what “constraint as the unit of intelligence” actually buys you when you formalise it. Most of this is unpublished and probably will stay that way until it’s defensible.

I came to security sideways. Marine Studies at Plymouth, then a long detour through customer support, paralegal work, distribution automation, and SaaS support engineering at Reciprocity in Slovenia. Security started in earnest at a music publishing company where I led the Log4Shell response and spun up a Security Incident Response Team, then formalised at Encord (YC, Series A computer-vision AI) where I owned controls, compliance, and our first SOC 2 Type 2.

The current job — Security Engineer at an edtech company — is the day job. Arbiter, the open-source work, and Tightrope sit alongside it.