Applied Security Research Leader. Agentic Engineer.
I'm Rob Ragan, Principal Technology Strategist at Bishop Fox. I lead a team of agentic engineers and I research and design cutting-edge offensive security agents that attack web applications and other systems. 18+ years of breaking things so they can be built back stronger.

Featured Research
Arbiter
AI judge agent that watched 25 live hackathon demos in real time via Gemini Live API. Scores projects with a multi-model ensemble (Claude + Gemini + Groq), delivers commentary via Cartesia TTS, and defends itself against prompt injection attempts in 7 languages. 1,451 tests passing.
- Real-time camera + audio capture via Gemini Live API
- Multi-model scoring ensemble with outlier detection
- Prompt injection defense: regex + semantic classifier, 7 languages
- Cross-team deliberation with full demo memory
$ python arbiter.py --mode live-judge
[*] Arbiter v1.0 // AI Hackathon Judge
[+] Gemini Live connected (camera + audio)
[+] Scoring ensemble: Claude + Gemini + Groq
> Demo 14/25 | Team: ghost_protocol
SCORE: 8.7/10 | Innovation: 9 | Technical: 8
"Clever use of tool-use sandboxing to
contain agent lateral movement..."
$
NEBULA:FOG
AI x Security Hackathon Series
I co-founded NEBULA:FOG because I wanted a room full of builders who actually break and defend AI systems, not just talk about it. 120+ builders at our first event, 24 projects shipped in a single day. Everyone builds. Everyone demos. No spectators.
Tools & Projects
Cosmos
AI-powered application security testing product at Bishop Fox. Autonomous agents that test entire application portfolios at scale, finding vulnerabilities across web apps that manual testing misses. Shipped to production, used by enterprise customers.
Arbiter
AI judge agent for NEBULA:FOG 2026. Watches hackathon demos via Gemini Live, scores with a multi-model ensemble (Claude + Gemini + Groq), defends against prompt injection in 7 languages. Judged 25 live demos. 1,451 tests passing.
Starlog
Expert-curated deep dives on offensive security tools and AI agents. CLI pipeline powered by Claude that ingests GitHub stars, analyzes repos, and generates long-form articles autonomously. Live at starlog.is.
Conference Talks
Writing
I Built a Skin System for Claude Code — Here's How It Works
A customizable theming system for Claude Code with nine visual and behavioral personas. Modifies terminal colors, ASCII banners, status indicators, and personality narration styles.
Most Security Programs Test a Fraction of Their Applications. That Changes Today.
Announcing Cosmos, AI-powered application security testing. How organizations can finally test entire application portfolios at scale.
The Promise and Perils of AI: Navigating Emerging Cyber Threats
Recap of the Dark Reading panel. How AI simultaneously empowers defenders and attackers. Prompt injection, deepfakes, AI-driven social engineering.
How I work
Everything here is backed by hands-on testing, reproducible findings, and code you can run. I prototype fast, ship to production, and iterate based on what real users and real attackers actually do. The goal is making systems more robust, not just demonstrating they're broken.