Since my Ph.D., my passion has been finding ways to secure software systems automatically through applying automated reasoning (aka formal methods). My research has always been centered on this, with notable work including a large-scale vulnerability detection in Ethereum smart contracts and some of the early efforts on automated bug fixing (well before the advent of LLMs).

When I first joined Google 8 years ago, my focus was building better defenses. I built checkers that detected hundreds of thousands of vulnerabilities in Android applications. After drafting numerous “Help Articles” to guide developers through the necessary fixes and dealing with inevitable escalations, I dreamt of a better future where vulnerabilities are not only automatically detected but also automatically remediated, at scale. That vision has been my underlying professional ambition ever since.

Recently, I worked on Google Deepmind’s CodeMender: an AI agent for automated code security patching and hardening. The future I had envisioned has finally begun to feel real. Generative AI is the catalyst that will bring my dream to fruition.

Despite my love for my research, I’ve always longed to experience the startup environment. My two years at Google Labs building products from the ground up solidified this belief. So, when Cogent reached out, the opportunity was simply too compelling to ignore. This was a chance to transition my academic and big-tech experience into a high impact, rapidly moving startup that was addressing critical, real-world needs of enterprise customers.

Why Cogent?

Cogent is much more than just another startup applying AI to security. The company's vision — a world where progress accelerates because security is assured — is precisely what I have been working toward. We're building AI that makes systems capable of fixing their own flaws, removing cyber threats as a barrier to human progress and safety.

Automation requires trust. To build trust in advanced AI agents, the rigorous validation that formal methods provide is essential. This is where my research background becomes directly relevant. However, formal methods only tell us how to validate. The crucial question of what to validate is answered by contextualization: a deep, nuanced understanding of the dynamic environment in which the software operates, its underlying business logic, and even the intent of its developers and users, etc. 

This is where I believe Cogent has the strategy exactly right: to build a technology that truly heals itself, you must first deeply understand each environment including its assets, its business logic, its risk in context. Only then can you prioritize with precision and achieve effective auto-remediation.

The company's early traction is remarkable. Just six months after launch, Cogent is already working with dozens of Fortune 1000 companies, indicating an accelerating flywheel. During my onsite visit, I was impressed by the synergy: high-quality data and valuable customer feedback are driving innovation here at an extremely fast pace.

Finally, the team’s energy, their deep expertise, and the founders' long-term commitment to building Cogent into a generational company were the crucial, convincing factors. I was impressed by their dedication to creating a sustainable and impactful enterprise, one that prioritizes long-term value for the security industry as a whole. Such dedication resonated with my own professional aspirations and sealed my decision to join the team.

The road ahead

It is widely expected that Agentic AI will enable the emergence of autonomous and adaptive systems capable of operating at “machine speed”, thereby offering an eventual solution to the defender’s dilemma. However, I anticipate the situation will actually worsen, at least in the near term. My prediction is based on several key factors:

• The rapid generation of insecure code due to reliance on "vibe-coding" or speculative development practices

• The utilization of AI by malicious actors to accelerate vulnerability discovery, leading to the automation and amplification of cyberattacks

• The constraint on auto-remediation efficacy imposed by the necessity of human oversight, a consequence of how people perceive the reliability of AI agents

• Slow adoption in proactive security hardening initiatives because enterprises are already overwhelmed by known vulnerabilities. Cogent’s product directly addresses this challenge.

These immense challenges present significant research opportunities that push forward the state of the art and will ultimately enhance Cogent's product offering, in line with our vision. Some examples are:

• Redesigning certain components of Vulnerability Management (VM), which were originally meant for consumption and resolution by humans, not by AI agents.

• Redesigning software engineering frameworks and processes to facilitate downstream auto-remediation.

• Developing coding agents that generate more secure code.

As a Head of Research at Cogent, my immediate objective is to identify 1-2 focus areas that will not only address aspects of the fundamental challenges outlined above, but also help shape the Cogent product roadmap in the medium term.

Next, we will partner with established research groups — academic institutions, industry consortia, and independent labs — to accelerate our learning and gain diverse expertise. Concurrently, we will scale up Cogent’s internal research arm. This internal team will focus on high-quality research, disseminated through publications at scientific conferences and, crucially, by translating scientific breakthroughs into actionable product features. The ultimate goal is for Cogent to become a trusted, recognized brand in cybersecurity, cementing Cogent's reputation as a thought leader and a vital source for advanced security intelligence.

If these challenges sound interesting to you, we’re actively expanding our team. Check out the open roles here.