Hands-on AI-for-Security engagement with a regulated iGaming / online-gaming group The client's security team is genuinely advanced: they already run an AI-driven offensive-security capability — continuous external-perimeter scanning feeding an LLM agent that plans exploitation, sources and validates exploits, and executes them in sandboxed environments — plus a runtime anomaly-detection layer watching for intrusion and privilege-escalation patterns across their products. They built this themselves and have explicitly asked us to challenge and improve it, not just rubber-stamp it
This is not a generalist AI project Neurons Lab brings the AI-architecture and engagement depth; what's missing is the offensive-security domain lead who can sit across the table from a hands-on CISO team as a peer, pressure-test their pipeline, and own the methodology. You are that expert. The early work is concrete and consultative: understand what they've built, find where it's wrong or expensive, and propose a better way.
Stage pre-engagement / discovery (the immediate next step is a joint technical session with the client's CISO / security engineers). Duration discovery → advisory / PoC, with strong extension probability as the security program scales across the group.
Reporting Neurons Lab CTO / engagement lead (@Alex Honchar); partners with the Neurons Lab AI Architect on the account. You are the security domain owner for this track.
Join joint working sessions with the client's hands-on security engineers; challenge and harden their AI-driven offensive pipeline end-to-end (recon → verification → AI-planned exploitation → sandboxed execution).
Design and refine the exploitation agent how the LLM plans attack paths, selects and validates exploits, and orchestrates parallel sandboxes safely and reproducibly.
Optimise cost-per-finding of the existing exploitation pipeline: benchmark local / sovereign open models (Kimi, GPT-OSS, MiniMax, DeepSeek) against frontier models for the recon, exploitation and analysis loops; quantify accuracy / latency / cost trade-offs and recommend hardware sizing.
Shape the runtime anomaly-detection layer define which intrusion / privilege-escalation precursor patterns are worth collecting (signal over raw-log volume), and design the missing pieces — automated response (kill a malicious process / disable an account on detection) and triage routing by criticality.
Stand up a quick-win PoC to anchor the engagement — e.g. an automated dependency / PR vulnerability-scanning pass, or a head-to-head local-vs-frontier benchmark of the exploitation agent.
Turn findings into a defensible technical proposal and roadmap; present methodology and trade-offs to a technical CISO / CTO audience.
Keep all sensitive work build-time and in-perimeter — no pushing intellectual property, configs, or recon-enabling data to external model providers; respect regulated-gaming certification constraints (no uncertified AI in runtime-critical paths).
Hands-on offensive security vulnerability research, exploit development and chaining, web + network penetration testing; fluent with Nmap, Nuclei, Katana, Acunetix, Metasploit, Burp Suite and Kali tooling.
Building and operating LLM agents for security work — agentic tool-use, sandbox orchestration, prompt / flow design for recon and exploitation, guardrails for autonomous exploitation.
Local / self-hosted open models running and tuning open weights (Kimi, GPT-OSS, MiniMax, DeepSeek) on rented or private GPU; quantization, throughput and the agentic-performance trade-offs that matter for security automation.
Exploit & threat intelligence sourcing and validating exploits (including from underground / forum sources), CVE triage, exploitability and severity assessment.
Runtime detection designing intrusion / privilege-escalation pattern detection, anomaly detection, and automated response.
Cloud security (AWS preferred) sandboxing, container isolation, secure inference hosting.
Writes their own code (Python + shell) and can explain methodology to non-security executives
Modern offensive-security methodology and the current exploit / zero-day landscape.
Strengths and limits of frontier vs. local LLMs for security automation (agentic tool-use, reasoning depth, cost-per-task).
Data-egress / sovereignty constraints why IP and recon-enabling data must stay in-perimeter; private-cloud (AWS Bedrock) vs. rented-hardware trade-offs.
iGaming / regulated-infrastructure context and certification constraints (build-time vs. run-time AI) — strong plus
Defensive side — SIEM, anomaly detection, incident response — plus
Key characteristics (ideally 4/4):
Hands-on offensive security
Built or operated AI / LLM-driven security automation (agents, pipelines), not just used a chatbot
Cloud hyperscaler experience (AWS preferred)
Technology consulting / client-facing delivery — can lead a CISO-level technical conversation
Role-specific characteristics:
3+ years hands-on offensive security / vulnerability research / red-team
Demonstrable exploit development and chaining; comfortable with zero-day research and exploit intelligence
Has wired LLMs into real security workflows (recon, exploitation, triage)
Has run self-hosted / local open models in a real engagement, with a view on cost and hardware
Comfortable being the sole domain expert in the room and owning the methodology
Allocation ~0.25 – 0.5 FTE initially (discovery/advisory + joint CISO sessions), scaling with the engagement
Your Path to Enterprise AI Starts Here.
Neurons Lab delivers AI transformation services to guide enterprises into the new era of AI. Our approach covers the complete AI spectrum, combining leadership alignment with technology integration to deliver measurable outcomes.
As an AWS Advanced Partner and GenAI competency holder, we have successfully delivered tailored AI solutions to over 100 clients, including Fortune 500 companies and governmental organizations.
