I study AI agents where software systems, security boundaries, and operational evidence matter. The aim is to make agent behavior inspectable before it is trusted. Current work combines reliability-agent evaluation, security audits for agent choices, and developer tools that make context and software evolution easier to examine.
Questions, artifacts, and what the evidence supports
01 · Reliability-agent evaluation
Research context · UIUC++ SRSE 2026
How can we evaluate an SRE agent in a live software environment without mistaking a shallow recovery for a reliable one?
SREGym: AI for SRE and reliability-agent evaluation
Through UIUC++ SRSE 2026, I am working on SREGym, a benchmark for evaluating SRE agents in live system environments and real-world reliability problems.
Status
Active research · UIUC++ SRSE 2026
Context
June–August 2026 · Professor Tianyin Xu and the UIUC systems reliability group
What risks emerge when model-hosting platforms load community code and artifacts at ecosystem scale?
Remote Code Execution in ML model hosting ecosystems
A cross-platform empirical study examines custom model-loading risk across five ML hosting ecosystems, using static analysis, malware-signature scanning, and more than 600 developer discussions.
Status
Under review at ICSE 2027
Context
With Mohammed Latif Siddiq, Natalie Sekerak, Beatrice Casey, and Joanna C. S. Santos
Can a trigger steer an agent toward an attacker’s preferred valid choice while its final answer still appears acceptable?
The Choice Can Be the Attack: auditing aligned backdoors in LLM agents
SHIFT compares matched tasks with and without a known trigger, then asks whether a changed valid choice favors an attacker’s target after accounting for ordinary option quality.
Status
Submitted to TACL 2026 · manuscript not public
Context
With Chowdhury Rakin Haider · abstract-level summary only
Last verified
The manuscript is not public; this record is deliberately limited to an abstract-level summary.
How can coding agents preserve exact session facts, inspect the right files, and leave testable repair evidence?
Context, retrieval, and auditable repair
ContextLedger measures what survives context compaction, ctxhelm and HelmBench evaluate retrieval efficiency, and PatchSmith records bounded repair runs with sandbox validation and inspectable artifacts.
Status
Active systems research
Context
ContextLedger · ctxhelm and HelmBench · PatchSmith
Can coding agents preserve architectural intent while developers work through fast natural-language programming loops?
History-aware vibe coding
This emerging direction studies how agents should use commit history, prior edits, repository memory, and design intent without losing the speed of vibe coding.
Status
Emerging research direction
Context
With Dr. Zhou Yang · University of Alberta and Amii
How can specialized agents generate relational schemas while formal checks and targeted repair keep the result consistent?
VeriSchema: verified database-schema generation
VeriSchema uses agents for entity extraction, relationship mining, normalization, and repair, with Z3 checks and component-level retries for relational consistency.