Blog
2026
2025
- Design patterns for AI agentsWhen should you split one AI agent into many? A rough mathematical model for deciding.
- My reading list [wip]I am often asked for recommendations on reading materials for those working with AI/ML and LLMs. Here is a short list of what I read (and re-read!).
- Personal reflections: fighting fraud with AI and data scienceApproximate transcript of a talk I gave at Stanford's data science department on 4/17, on my reflections tackling fraud with AI and data science.
- Defining "AI Agents"Who knows what an "AI agent" is? Amidst the industry hype, this is an (amateur) attempt at a somewhat rigorous definition.
- Lost in the middle, or just lost? Evaluating LLMs on information retrieval with long input contextsLLMs have become increasingly powerful over the past two years. Across 2023 and 2024, we saw new models flourish — every few months, a new model would reach…
2024
2023
- Browser-based signalsHow can we spot potentially inauthentic browsers and users? 📕This article forms part of the notes from Week 3 of the Data Science for Security and Fraud…
- A Note on Week 3Welcome to the second half of the course! So far we've learned how fraudsters think while practicing offensive attacks on Alpha Bank, and analyzed HTTP server…
- Differentiating how "bots" vs. "humans" interact onlineHow do bots and humans interact differently online? What about "good humans" vs. "bad humans"? How can we define and reduce the problem of identifying…
- Analyzing web application dataLearn how to effectively analyze and clean web application data, ensure consistency across logs, enrich the dataset with additional information, explore…
- Detecting bot trafficHow can we differentiate bot from human traffic? What are some typical features? 📕This article forms part of the notes from Week 2 of the Data Science for…
- Using Browser Developer Tools and PostmanLearn how to use browser dev tools and Postman to analyze web traffic. 📕This article forms part of the notes from Week 1 of the Data Science for Security and…
- Thinking Like an AttackerHow do web attackers exploit applications for financial gain through credential resale, money laundering, headless browser automation, and MFA-bypassing…
- Week 1 Project: Attacking Alpha Bank🧰This article is the project for Week 1 of the Data Science for Security and Fraud online course. Access the full course outline here.
- Web Applications 101How do web applications work? What are the key concepts that you should know, and some tools for automating web requests? 📕This article forms part of the…