Backend and APIs
Production services and data-heavy analytics workflows.
C#/.NET · EF Core · REST APIs · Microservices
Researcher · software engineer · open-source contributor
I study AI agents in real software systems. I want to know what they read, which actions they take, how they recover from failures, and whether their evidence holds up.
My work spans software reliability, agent security, empirical software engineering, program analysis, and developer tools. I also have three years of software and AI engineering experience, building backend services, cloud data workflows, and LLM/RAG features for healthcare analytics.
Current work
Remote Research Intern, UIUCJune–August 2026
Engineering profile
Three years of production software and AI engineering, alongside hands-on systems and open-source work.
Production services and data-heavy analytics workflows.
C#/.NET · EF Core · REST APIs · Microservices
LLM/RAG workflows and research tools connected to real software systems.
Python · LangGraph · MCP · RAG · LLM evaluation
Developer tools, program analysis, and multi-language open-source contributions.
Rust · Go · TypeScript · Java · C++
Deploying, tuning, and observing cloud-native services and data stores.
AWS · PostgreSQL · MongoDB · Docker · Kubernetes · OpenTelemetry
About
I grew up in Rajshahi and now live in Dhaka. I like work that starts with a research question and ends with something I can run, test, or measure.
That usually means reading papers, tracing failures, building tools, and writing down what actually happened.
Research agenda
My current work falls into six related areas.
01 · Reliability-agent evaluation

How can we evaluate an SRE agent in a live software environment without mistaking a shallow recovery for a reliable one?
Through UIUC++ SRSE 2026, I am working on SREGym, a benchmark for evaluating SRE agents in live system environments and real-world reliability problems.
02 · ML ecosystem security

What risks emerge when model-hosting platforms load community code and artifacts at ecosystem scale?
A cross-platform empirical study examines custom model-loading risk across five ML hosting ecosystems, using static analysis, malware-signature scanning, and more than 600 developer discussions.
03 · Agent security

Can a trigger steer an agent toward an attacker’s preferred valid choice while its final answer still appears acceptable?
SHIFT compares matched tasks with and without a known trigger, then asks whether a changed valid choice favors an attacker’s target after accounting for ordinary option quality.
The manuscript is not public; this is an abstract-level summary.
04 · Coding-agent systems
Research direction
How can coding agents preserve exact session facts, inspect the right files, and leave testable repair evidence?
ContextLedger measures what survives context compaction, ctxhelm and HelmBench evaluate retrieval efficiency, and PatchSmith records bounded repair runs with sandbox validation and inspectable artifacts.
05 · Agent memory
Research direction
Can coding agents preserve architectural intent while developers work through fast natural-language programming loops?
This emerging direction studies how agents should use commit history, prior edits, repository memory, and design intent without losing the speed of vibe coding.
06 · Multi-agent verification
Research direction
How can specialized agents generate relational schemas while formal checks and targeted repair keep the result consistent?
VeriSchema uses agents for entity extraction, relationship mining, normalization, and repair, with Z3 checks and component-level retries for relational consistency.
Publications and artifacts
Papers, submissions, and the public artifacts behind them.
2027

Under review at International Conference on Software Engineering (ICSE)
Large-scale cross-platform security study of roughly 45,000 repositories across five ML model hosting ecosystems, measuring unsafe deserialization, eval injection, malware signals, and recurring developer security misconceptions.
2026
Research paper
Submitted to Transactions of the Association for Computational Linguistics (TACL)
SHIFT tests whether a known trigger changes which valid option an agent chooses, then asks whether that movement favors an attacker's target after accounting for ordinary option quality.
Experience
A short account of the work I did and the outcomes I can support.

Remote summer research internship at the University of Illinois Urbana-Champaign through UIUC++ Summer Research in Software Engineering (SRSE) 2026 with Professor Tianyin Xu's group, focused on software and systems reliability research.
June–August 2026
Software Engineering Research · Systems Reliability · Empirical Evaluation · Reproducibility

Backend engineer on the KPI Library team, building .NET/C# microservices for healthcare analytics workflows over large patient-level datasets. IQVIA (NYSE: IQV) provides analytics, technology solutions, and clinical research services to the life sciences industry, with 74,000+ employees across 100+ countries.
June 2023–June 2026
C# · .NET Core · EF Core · PostgreSQL · MongoDB · AWS ·...

Built an e-commerce aggregator platform that let brands promote products by pulling listings from multiple e-commerce sites across Bangladesh.
April–November 2021
Python · Scrapy · ScrapyRT · Express.js · Node.js · MongoDB · DigitalOcean ·...
Education
My academic path, from Rajshahi to BUET and Alberta.
Starting September 2026 · Incoming

April 2018 - May 2023
Bangladesh University of Engineering and Technology

2015 - 2017
Engineering and open source
My current agent tools come first. The rest shows the systems and ML work that led to them.
Open source
Active RefactoringMiner development with Professor Nikolaos Tsantalis; I helped build MCP access for coding agents and contribute to the JetBrains integration collaboration.
A released Rust context compiler and source-free evaluation harness for testing whether coding agents inspect the right files with less irrelevant reading.
Typed, provenance-carrying session facts, exact token accounting, and measurable context compaction for long coding-agent runs.
An auditable repair harness with bounded context, structured patch proposals, sandbox validation, trace capture, and inspectable artifact directories.
Open source
Curated contribution evidence across EF Core, GenHTTP, deepagents, TypeScript, LangChain, and other developer-tooling repositories.
Systems build
1BRC C# on Apple Silicon, a Go database engine, a Go container runtime, a compiler, a ray tracer, TCP Vegas+, and the distributed EventFly platform.
Applied ML
Bangla digit recognition from NumPy and OpenCV primitives, BERT-context image captioning, and a mini deep-learning framework with autodiff and tensor operations.
Recognition
A few awards and competition results.
2025
Performance, critical issue resolution, and essential feature delivery.
2022
Second among 120 students; a custom CNN from NumPy and OpenCV primitives reached 95.9% test accuracy.
Level 2
Academic recognition for sophomore-year performance.
2017
National recognition in theoretical and practical physics.
2017
National recognition in chemistry alongside the physics award.
2017
Merit scholarship after placing 15th in the Rajshahi Education Board.
Recent milestones
Recent changes to my research and academic plans.
Aligned-backdoor auditing work submitted with Chowdhury Rakin Haider.
Cross-platform empirical security study with a public arXiv artifact.
Summer research with Professor Tianyin Xu's systems reliability group.
Joining U-A-Goose and Amii under Dr. Zhou Yang.