Research
Current research interests and ongoing projects
Research Interests
Software Engineering
Software & System Security
Distributed Systems
Blockchain
Research Projects
ReAgent++: Runtime Backdoor Detection for LLM Agents
Oct 2025 - Present
Developing a runtime detection system for aligned backdoors in LLM agents that evade traditional consistency checks. Adapts STRIP-style perturbation testing to measure choice invariance under benign input variations, and K-Arm trigger inversion to identify minimal triggers. Targets brand bias, tool manipulation, and multi-turn/temporal backdoors in shopping and computer-use agents (WebShop, OSWorld, AgentBench).
Multi-Agent Framework for Generating Relational DB Schema & ERD from Requirements
Aug 2025 - Present
Mentor and co-researcher with Dr. Sukarna Barua (BUET); extending the SchemaAgent baseline with a domain-specific language for improved agent-to-agent communication. Reduced schema generation errors by 42% through a DSL-based communication protocol and a hierarchical agent architecture with specialized roles for entity extraction, relationship mapping, and constraint validation.
An Empirical Study on Remote Code Execution in ML Model Hosting Ecosystems
March 2025 - Present
Comprehensive analysis of trust_remote_code vulnerabilities across 6 ML platforms (Hugging Face, PyTorch Hub, ModelScope, OpenCSG, OpenMMLab, NVIDIA NGC), examining custom code execution during model loading. Conducted a multi-phase empirical study including metadata extraction, custom code download, static analysis for security smells, and qualitative analysis of developer discussions from GitHub and Stack Overflow. Proposed security recommendations for platform maintainers, including SafeTensors format adoption and runtime isolation strategies; developed an automated vulnerability detection toolkit. Manuscript in progress; target venue: MSR 2026.
Making AI Reliable: Design by Contract for Large Language Models
Nov 2024 - Present
Research collaboration with Dr. Akond Rahman, Assistant Professor at Auburn University, specializing in DevOps and cybersecurity. Developed a comprehensive taxonomy for API contracts in LLM libraries with a refined classification: Input contracts (60%), Output contracts (20%), Temporal/Sequence contracts (15%), and Extended contract types (5%). Conducted an empirical study analyzing 412 real-world issues from Stack Overflow, GitHub, and developer forums covering LangChain, HuggingFace, and LlamaIndex. Pioneered an LLM-based approach for automated contract extraction and validation in production systems. Currently developing Design by Contract (DbC) tools to automatically enforce API contracts, reducing LLM integration failures through proactive contract validation.
uReporter: An Unconventional Tale on Sentiment Analysis over Anonymous Online Reporting
Sep 2024 - Nov 2024
Developed Bangladesh's first anonymous online reporting system (uReporter) and analyzed crowd-sourced reports using transformer models and NRC Lexicon-based analysis. The research focused on sentiment analysis of anonymous reports by people in Bangladesh during an outburst period. Note: This work was initially rejected from The 28th ACM Conference on Computer-Supported Cooperative Work and Social Computing (ACM CSCW) due to novelty concerns and misalignment with conference research goals. Currently revising and preparing for submission to a more suitable venue.
Patient-Centric Blockchain Framework for Electronic Health Record Management
June 2022 - May 2023
Undergraduate Thesis. Supervised by Professor ASM Latiful Hoque (BUET); designed a blockchain framework separating encrypted off-chain storage from on-chain access control using Ethereum smart contracts and IPFS. Implemented ERC-721-based patient records with AES-GCM encryption, ECIES key wrapping, and EIP-712 signed permissions; evaluated on 10,000 synthetic patients with comprehensive gas analysis and audit trails.