Photon Security
Agentic AI & Cybersecurity Leadership
We combine deep technical expertise with strategic thinking to help organizations navigate offensive security, cloud hardening, AI/LLM threats, and emerging attack surfaces. Founded by a security leader with over 2 decades of experience at Commonwealth Bank, VMware, and Apple, with recognized research at GitHub, Microsoft, Atlassian, and Wiz.
Expertise
What We Deliver
Leveraging deep technical expertise across the full security spectrum — from hands-on offensive work to strategic consulting.
Offensive Security
Our offensive security services help organizations understand their real-world attack surface. Through penetration testing, red team operations, and API security assessments, we identify critical gaps before attackers do.
Cloud Security
We design and implement Azure and Microsoft 365 security architectures, including Entra ID hardening, Conditional Access policies, and cloud-native threat detection for enterprise environments.
Infrastructure Hardening
We establish enterprise security baselines, network segmentation strategies, and endpoint hardening protocols with security automation for large-scale organizational deployments.
AI/LLM Security
Our research program focuses on AI/LLM security assessments, prompt injection vulnerabilities, OWASP LLM Top 10 compliance, and threat modeling for organizations deploying AI-integrated applications.
Security Tooling
We develop open-source security tools, automation frameworks, and custom security solutions in Python, TypeScript, and PowerShell to enhance organizational security workflows.
Consulting & Leadership
We provide security strategy consulting, architecture advisory, technical leadership guidance, and executive-level security counsel for organizations building robust security programs.
Responsible Disclosure
Responsible Disclosure
Vulnerabilities responsibly disclosed to major technology companies.
Data Exposure
Identified a security flaw allowing unauthorised access to sensitive repository data, reported to GitHub Security.
Full write-up in Member ZoneAccess Control Bypass
Discovered a bypass mechanism in GitHub Copilot's access controls, enabling unauthorised feature access.
Full write-up in Member ZoneBusiness Logic Flaw
Found a business logic vulnerability allowing bypassing of Copilot subscription pricing controls.
Full write-up in Member ZoneOpen Source
Featured Projects
Security tools, AI/LLM tooling, and automation built in the open.
Scripts and methods to circumvent DNS, Proxy, Route, and PAC file restrictions on MacOS devices managed by MDM profiles. Includes DNS override using dnscrypt-proxy, proxy setting bypass, routing table modifications, and PAC file customizations. Intended for educational and personal use only
LiteLLM API key updater for macOS - automated validation, renewal, and Keychain management
Script to convert any video file (MP4, AVI, MOV, etc.) to an optimized GIF using FFmpeg. Simple, fast, and cross-platform
This repository contains scripts designed to manage and patch certificate stores on macOS systems. The primary function is to ensure that clients trust internal Certificate Authorities, making it easier to manage proxy and SSL trust issues.
GGUF model downloaded from docker
Knowledge Base
Latest Articles
Technical deep-dives on security, networking, AI/LLM, and tooling.
Claude Code with Opus & Sonnet 4.6 via GitHub Copilot
Unlock Claude Code with Anthropic's latest Opus 4.6 and Sonnet 4.6 models by routing through GitHub Copilot's API — a practical guide to leveraging enterprise Copilot licenses for cutting-edge AI coding assistance.
Deep Dive into Deep Packet Inspection
A comprehensive technical exploration of Deep Packet Inspection (DPI) — how it works, where it's deployed, how it intercepts TLS traffic, and what security professionals need to know about operating in DPI-inspected environments.
Web Debugging — A Practical Security Perspective
Effective web debugging techniques for security professionals — using browser DevTools, mitmproxy, Burp Suite, and custom scripts to intercept, inspect, and modify HTTP/HTTPS traffic.
Work With Us
Ready to Strengthen Your Security Posture?
Whether you need penetration testing, cloud security architecture, AI/LLM threat assessments, or strategic security guidance — we're here to help you navigate today's complex threat landscape.