Research
Current research interests and ongoing projects
Research Interests
AI for Software Engineering (AI4SE)
Empirical Software Engineering
Software and LLM Security
Human-Centered Computing
Blockchain Systems
Research Projects
An Empirical Study on Remote Code Execution in ML Model Hosting Ecosystems
June 2025 - Oct 2025
First large-scale cross-platform study analyzing ~45,000 repositories across 5 major platforms (Hugging Face, ModelScope, OpenCSG, OpenMMLab, PyTorch Hub) with co-authors Mohammad Latif Siddiq and Joanna C. Santos. Detected security vulnerabilities using static analyzers (Bandit, CodeQL, Semgrep) and YARA malware signatures: found CWE-502 (unsafe deserialization) in 74.54% and CWE-95 (eval injection) in 15.02% of affected repositories; 10.41% of Hugging Face repos contain security smells. Analyzed 600+ developer discussions to create a taxonomy of security misconceptions; revealed only 6.6% SafeTensors adoption and widespread trust_remote_code usage. In review at MSR 2026.
ReAgent++: Detecting Aligned Backdoors in LLM Agents
August 2025 - Present
Extending ReAgent to detect aligned backdoors that maintain semantic consistency while subverting user intent through preference manipulation; collaboration with Dr. Chowdhury Md. Rakin Haider (BUET). Implementing Text/Env-STRIP for perturbation-based runtime detection achieving FAR ≤ 5% at FRR = 1-2%, and K-Arm trigger inversion for forensic analysis with multi-armed bandit optimization. Evaluating on 3 benchmarks: WebShop (1.18M products), OSWorld (369 tasks), and AgentBench, against a comprehensive attack suite including Sleeper-style, instruction backdoors, and multi-turn hidden triggers.
Multi-Agent Framework for Generating Relational DB Schema & ERD
July 2025 - Present
Extended SchemaAgent with Dr. Sukarna Barua (BUET) using a LangGraph StateGraph architecture with conditional routing and a 3-tier auto-repair system. Designed a 6-stage decomposed pipeline with specialized agents for entity extraction, relationship mining, and normalization with Z3 formal verification. Implemented a granular component-level retry mechanism with intelligent violation analysis, reducing redundant LLM calls by 80%.
Design by Contract for LLM APIs
Nov 2024 - Present
Developing a taxonomy for API contracts through an empirical study of 412 real-world issues with Dr. Akond Rahman (Auburn University). Created OpenAI SDK and LangChain extensions for automatic contract enforcement and runtime remediation. Implemented precondition/postcondition validators with automatic retry mechanisms and fallback strategies.
Sentiment Analysis of Anonymous Crisis Reports in Bangladesh
Sep 2024 - Nov 2024
Developed uReporter, Bangladesh's first anonymous reporting system during the 2024 national crisis. Analyzed 124 crowd-sourced reports using six transformer models with a multilingual NLP pipeline for Bengali/Romanized Bengali. Demonstrated anonymous crowd-sourcing's potential for understanding Global South socio-political dynamics.
Patient-Centric Blockchain Framework for EHR Management
June 2022 - May 2023
Undergraduate thesis. Designed a blockchain framework with encrypted off-chain IPFS storage and on-chain Ethereum access control under Professor ASM Latiful Hoque (BUET). Implemented ERC-721 based patient records with AES-GCM encryption, ECIES key wrapping, and EIP-712 signed permissions. Evaluated system performance and security on 10,000 synthetic patient records, demonstrating scalability and privacy preservation.