Tony
AI Security Portfolio
Principal Software Engineer · AI Force Multiplier · Architecture · Zero Trust · Identity · Compliance
How do you put AI in a payments pipeline without letting it move money on its own confidence?
The AI recommends. A hard policy engine decides. The money never moves on AI confidence alone. ReBAC enforces identity at every layer boundary — revoke one relationship, the entire chain is blocked.
Prompt Evaluation Gate (PEG) sits between Claude's output and execution — deterministic Python, no LLM. Checks amount coherence, duplicate detection, frequency anomaly, reasoning validity. Fail any check = hard block, no override. Hash-chained audit trail ties every hop — ReBAC check, AI recommendation, PEG verdict, human approval, execution — to one correlation ID.
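The gate described above, as an added example (not the portfolio project's own code). The four check names come from the page; the tolerance, the per-payee frequency window, the reasoning rule (must cite the invoice ID and the exact amount), the record layout and the ReBAC / human-approval inputs are assumptions. Each hop appends one record to a SHA-256 hash chain under the request's correlation ID, so an edited, dropped or reordered record is detectable afterwards.

```python
"""Deterministic Prompt Evaluation Gate (PEG) with a hash-chained audit trail.

Added example illustrating the pattern on this page; it is not the portfolio
project's own code. Thresholds, record layout and the ReBAC / human-approval
inputs are assumptions.
"""
import hashlib
import json
from dataclasses import asdict, dataclass, field


@dataclass
class Recommendation:
    """What the model proposes. Nothing here is trusted until PEG passes it."""
    invoice_id: str
    payee: str
    invoice_amount: float   # amount on the source document
    amount: float           # amount the model wants to pay
    reasoning: str


@dataclass
class AuditChain:
    """Append-only log; each record hashes its predecessor under one correlation ID."""
    correlation_id: str
    records: list = field(default_factory=list)

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, hop: str, payload: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = {"cid": self.correlation_id, "hop": hop, "payload": payload, "prev": prev}
        self.records.append({**body, "hash": self._digest(body)})
        return self.records[-1]["hash"]

    def verify(self) -> bool:
        """Recompute every link; any edited, dropped or reordered record breaks the chain."""
        prev = "0" * 64
        for rec in self.records:
            body = {k: rec[k] for k in ("cid", "hop", "payload", "prev")}
            if rec["prev"] != prev or self._digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


class PEG:
    """No LLM, no override: every rule is a plain predicate over the recommendation."""

    def __init__(self, tolerance: float = 0.01, max_per_window: int = 3, window_s: int = 3600):
        self.tolerance = tolerance            # assumed: 1% slack on amount coherence
        self.max_per_window = max_per_window  # assumed: executed payments per payee per window
        self.window_s = window_s
        self.executed_invoices: set = set()
        self.payee_times: dict = {}

    def evaluate(self, rec: Recommendation, now: float) -> list:
        failures = []
        if rec.amount <= 0 or abs(rec.amount - rec.invoice_amount) > self.tolerance * rec.invoice_amount:
            failures.append("amount_coherence")
        if rec.invoice_id in self.executed_invoices:
            failures.append("duplicate")
        recent = [t for t in self.payee_times.get(rec.payee, []) if now - t < self.window_s]
        if len(recent) >= self.max_per_window:
            failures.append("frequency_anomaly")
        # assumed rule: the stated reasoning must cite the invoice and the exact amount
        if rec.invoice_id not in rec.reasoning or f"{rec.amount:.2f}" not in rec.reasoning:
            failures.append("reasoning_validity")
        return failures

    def commit(self, rec: Recommendation, now: float) -> None:
        """Record state only for payments that actually executed."""
        self.executed_invoices.add(rec.invoice_id)
        self.payee_times.setdefault(rec.payee, []).append(now)


def process_payment(rec, peg, chain, rebac_allowed, human_approved, now) -> str:
    """Every hop lands in the chain; the money moves only after all of them pass."""
    chain.append("rebac_check", {"allowed": rebac_allowed})
    if not rebac_allowed:
        return "blocked:rebac"
    chain.append("ai_recommendation", asdict(rec))
    failures = peg.evaluate(rec, now)
    chain.append("peg_verdict", {"failures": failures})
    if failures:
        return "blocked:peg:" + ",".join(failures)
    chain.append("human_approval", {"approved": human_approved})
    if not human_approved:
        return "blocked:human"
    peg.commit(rec, now)
    chain.append("execution", {"invoice_id": rec.invoice_id, "amount": rec.amount})
    return "executed"
```

The ordering matters: PEG runs after the ReBAC check and before the human sees anything, so a blocked recommendation never reaches an approver, and the chain still records the verdict that blocked it.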
Same AI. Same query. Different identity. Different answer. Zero Trust enforces it — not the prompt.
Jill asks about Q1 revenue — gets the numbers. Jack asks the same question — gets nothing. Enforcement happens at retrieval, before Claude sees a single token. PHI never leaves the trust boundary.
Builds on Last Mile Zero Trust — JWT → ReBAC → Bedrock KB pre-filter → DynamoDB audit. Same stack, swappable backend.
Every request carries a correlation ID from JWT validation through ReBAC, retrieval, and response — traceable end-to-end in CloudWatch. Full observability built in, not bolted on.
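The Jill-versus-Jack behaviour, as an added example (not the portfolio's code). It models ReBAC with Zanzibar-style (object, relation, subject) tuples, including userset subjects and parent-folder inheritance, and runs the relationship check over the corpus before any text is matched. The tuple schema, the corpus and the already-validated JWT claims are assumptions; in the real stack the allowed set would become the Bedrock Knowledge Base metadata filter and the audit record would go to DynamoDB.

```python
"""Relationship-based access control applied as a retrieval pre-filter.

Added example, not the portfolio's code. The tuple layout, the parent-folder
inheritance rule and the corpus are assumptions; the JWT is represented by its
already-validated claims.
"""
import uuid


class ReBAC:
    """Tuples are (object, relation, subject). A subject is a user ("user:jill")
    or a userset ("group:finance#member") that is expanded recursively."""

    def __init__(self):
        self.tuples = set()
        self.parent = {}  # object -> parent object; 'viewer' is inherited downward

    def write(self, obj, rel, subj):
        self.tuples.add((obj, rel, subj))

    def revoke(self, obj, rel, subj):
        self.tuples.discard((obj, rel, subj))

    def check(self, obj, rel, user, depth=0) -> bool:
        if depth > 8:  # guard against cyclic userset definitions
            return False
        for o, r, s in self.tuples:
            if o != obj or r != rel:
                continue
            if s == user:
                return True
            if "#" in s:  # userset: follow the referenced relation
                so, sr = s.split("#", 1)
                if self.check(so, sr, user, depth + 1):
                    return True
        parent = self.parent.get(obj)
        return bool(parent) and self.check(parent, rel, user, depth + 1)


# constructed corpus; in production these are KB documents with metadata
DOCS = {
    "doc:q1-revenue": "Q1 revenue closed at 4.2M, up 12% quarter over quarter.",
    "doc:handbook": "Employee handbook: expense policy and PTO accrual.",
}


def retrieve(claims: dict, query: str, rebac: ReBAC, audit: list) -> list:
    """Filter by relationship first, match text second. Denied documents never
    reach the model, so no prompt can talk it into revealing them."""
    cid = claims.get("cid") or str(uuid.uuid4())  # correlation ID carried from JWT validation
    user = "user:" + claims["sub"]
    allowed = [d for d in DOCS if rebac.check(d, "viewer", user)]
    terms = query.lower().split()
    hits = [d for d in allowed if any(t in DOCS[d].lower() for t in terms)]
    audit.append({"cid": cid, "sub": claims["sub"], "query": query,
                  "allowed": sorted(allowed), "returned": hits})
    return [DOCS[d] for d in hits]


def build_demo() -> ReBAC:
    """Jill is in finance; finance members view the finance folder; the Q1 doc
    lives in that folder. Both users may view the handbook."""
    r = ReBAC()
    r.write("group:finance", "member", "user:jill")
    r.write("folder:finance", "viewer", "group:finance#member")
    r.parent["doc:q1-revenue"] = "folder:finance"
    r.write("doc:handbook", "viewer", "user:jill")
    r.write("doc:handbook", "viewer", "user:jack")
    return r
```

Revoking Jill's single group membership tuple is enough to block her: the check walks doc to folder to group and finds no path, with no change to the document, the prompt or the model.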
How do you establish trust between AI agents when no standard exists?
An IETF draft proposing a standard for agent-to-agent identity and trust. The Security Area Director responded on day one. First author.
Draft backed by a working PoC — JWT chains, HMAC message integrity, X.509 PKI, CRL, dual-signature policy governance. Every pattern in the spec runs as code.
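Three of the listed patterns in generic form, as an added example that is not the draft's or the PoC's code: a delegation chain in which each hop is signed by its issuer and bound to the hop above it, HMAC message integrity with a freshness window, and dual-signature policy governance. The draft's wire formats are not on this page, so field names, the key registry and the scope-narrowing rule are assumptions; HMAC over canonical JSON stands in for compact JWT encoding, and the X.509 / CRL checks are out of scope for an offline snippet.

```python
"""Agent-to-agent trust primitives: HMAC-signed delegation chain, sealed
message, dual-signature policy update.

Added example, not the draft's or the PoC's code. Field names, the key registry
and the scope-narrowing rule are assumptions; HMAC over canonical JSON stands in
for compact JWT (HS256) encoding.
"""
import hashlib
import hmac
import json

# constructed key registry: one shared secret per principal
KEYS = {
    "agent:orchestrator": b"orch-secret",
    "agent:retriever": b"retr-secret",
    "agent:executor": b"exec-secret",
    "gov:alice": b"alice-secret",
    "gov:bob": b"bob-secret",
}


def _mac(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def issue_link(issuer, subject, scope, exp, parent_sig=None):
    """One hop of delegation; 'parent' binds this link to the link above it."""
    link = {"iss": issuer, "sub": subject, "scope": sorted(scope), "exp": exp, "parent": parent_sig}
    link["sig"] = _mac(KEYS[issuer], link)
    return link


def verify_chain(chain, root, presenter, action, now) -> bool:
    """Each link must be issued by the previous subject, bound to the previous
    signature, unexpired, correctly signed, and no broader than its parent."""
    prev_sub, prev_sig, prev_scope = root, None, None
    for link in chain:
        body = {k: v for k, v in link.items() if k != "sig"}
        if link["iss"] != prev_sub or link["parent"] != prev_sig:
            return False
        if link["iss"] not in KEYS or link["exp"] < now:
            return False
        if not hmac.compare_digest(_mac(KEYS[link["iss"]], body), link["sig"]):
            return False
        if prev_scope is not None and not set(link["scope"]) <= set(prev_scope):
            return False
        prev_sub, prev_sig, prev_scope = link["sub"], link["sig"], link["scope"]
    return prev_sub == presenter and action in (prev_scope or [])


def seal(sender, body, chain, ts):
    """Message integrity: the MAC covers body, chain and timestamp together."""
    msg = {"from": sender, "ts": ts, "body": body, "chain": chain}
    msg["mac"] = _mac(KEYS[sender], msg)
    return msg


def open_message(msg, root, action, now, max_age=60) -> bool:
    """Reject unknown senders, stale messages, bad MACs and invalid chains."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    if msg["from"] not in KEYS or now - msg["ts"] > max_age:
        return False
    if not hmac.compare_digest(_mac(KEYS[msg["from"]], body), msg["mac"]):
        return False
    return verify_chain(msg["chain"], root, msg["from"], action, now)


def sign_policy(policy, signer, signed=None):
    signed = signed or {"policy": policy, "sigs": {}}
    signed["sigs"][signer] = _mac(KEYS[signer], policy)
    return signed


def policy_valid(signed, governors, quorum=2) -> bool:
    """Dual-signature governance: at least `quorum` distinct governors signed it."""
    good = {s for s, m in signed["sigs"].items()
            if s in governors and hmac.compare_digest(_mac(KEYS[s], signed["policy"]), m)}
    return len(good) >= quorum
```

Because every link carries its parent's signature, an intermediate agent cannot splice a narrower chain onto a broader root grant, and a downstream agent cannot widen the scope it received without breaking its issuer's MAC.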
How do you give an AI agent secure access to on-prem data without static credentials or opening firewall holes?
Zero static credentials. Zero inbound firewall rules. Full cryptographic audit trail on every access.
How do you prove an AI system's decisions are tamper-proof in a federally regulated environment?
AWS-native FIPS 140-3 security boundary. KMS-signed decisions. Tamper-proof audit trail in S3 Object Lock COMPLIANCE mode: no principal, not even the account root user, can delete or overwrite a locked object version until its retention period expires. FedRAMP-ready.
How do you cut security investigation time from 45 minutes to 60 seconds?
Plain-English in, forensically verified answer out. Conversational DevOps — CloudTrail, CloudWatch, DynamoDB, and KMS through natural language with full audit trail.
How do you roll out enterprise AI safely — and onboard into a new role faster without sensitive data leaving the org?
Hard spend caps. Local-first retrieval. Sensitive data never reaches an external API. Onboarding accelerator — ingest docs, ADRs, runbooks. Ramp fast, stay secure.