RELEASE TO PUBLIC
A Working Document — 2026 Edition

Thiago Goncalves

Working at the intersection of AI platforms and cybersecurity — designing the infrastructure around models (memory, guardrails, auditability) so they hold up in production, under scrutiny, and against misuse.

Thiago Goncalves
PLATE I — Subject, Builder-Operator. 2026/04
§ 01

Statement of Intent

Senior software engineer with 20+ years building and securing production systems. I work at the intersection of AI platforms, security, and developer tooling — designing the infrastructure around AI models (persistent memory, evaluation boundaries, guardrails, credential safety, auditability) so they hold up in production, under scrutiny, and against misuse. Founder-operator running the full vertical: bare-metal local inference on a self-hosted stack (Ollama on TrueNAS SCALE), Model Context Protocol middleware, IDE-resident extensions, marketing surface, payment integration, and the IP work underneath. Background in offensive security (CEH, TryHackMe rank #231 US) shapes how I design AI systems — adversarial conditions assumed, trust boundaries explicit, failure modes engineered for, not hoped against. Self-taught.

§ 02

Selected Highlights

  • H-01
    96.4%
    token reduction at n = 2,189

    Continuity's bounded-retrieval middleware enforces a hard ceiling on per-turn decision injection (default top-K = 3, hard cap = 10, per-record character caps). Worst-case per-turn cost ≈17,500 tokens regardless of corpus size — against a static-embedding baseline that would require ~485,000 tokens at the same decision count. Local Sentence-BERT embeddings (Xenova/all-MiniLM-L6-v2 on ONNX Runtime), sub-15ms retrieval, zero telemetry.

  • H-02
    Oct 2025
    shipped before the platforms

    Published Continuity to the VS Code Marketplace in October 2025. Anthropic shipped a near-identical Session Memory architecture for Claude Code months later — independent validation of the design.

  • H-03
    5 layers
    defense-in-depth credential safety

    Designed and shipped a five-boundary credential-scrubbing architecture for memory-augmented AI assistants: redaction at the MCP input boundary, at the AI-generated output boundary, at the persistence write sink, again at the persistence read path, and at the MCP tool-result return. 27 provider-specific patterns plus a Shannon-entropy fallback empirically calibrated to 4.5 bits per character. Measured 100% recall on the positive corpus; 0% high-confidence false positives on ~1,200-string negative corpus. Idempotent scrub primitive verified across all 27 patterns in a 56-test suite.

  • H-04
    RedArchives
    tamper-evident archive

    Evidence preservation for human rights documentation. Cryptographic fingerprinting, blockchain-anchored provenance, explicit threat model covering insider risk, post-hoc tampering, chain-of-custody disputes, and decade-scale temporal attacks.

  • H-05
    $85K+ / yr
    savings at ShineOn

    Through SaaS rationalization and vendor consolidation. Identified and remediated silent security drift without service disruption.

§ 03

Professional Record

R-01 · Sep 2022 – Present · Remote · Founder-Operator

Founder & Technical Lead

Hackerware LLC

Security-focused applied AI lab. Builder-operator across architecture, implementation, deployment, and iteration — bare metal to paid Pro tier on the VS Code Marketplace.

// Project — R-01.01

Continuity — Persistent memory and runtime governance for AI-assisted development.

  • 01 Identified the core failure mode: AI assistants produce inconsistent output because architectural decisions, constraints, and rationale are lost between sessions. Treated context as infrastructure, not convenience.
  • 02 Designed a bounded-retrieval middleware that decouples per-turn token consumption from total stored knowledge. Hard-ceilinged top-K (default 3, max 10) with per-record character caps. At n = 2,189 decisions, worst-case per-turn injection is ≈17,500 tokens against a static-embedding baseline of ~485,000 — a ~96.4% reduction that holds as the corpus grows.
  • 03 Shipped a five-layer defense-in-depth credential-scrubbing architecture for the Memory Amplifier threat — credentials that enter AI context once and get re-injected into every future session through persisted memory. Five enforcement boundaries (input, AI output, persistence write, persistence read, tool result) consuming a shared idempotent scrub primitive. 27 provider-specific patterns plus a Shannon-entropy fallback calibrated to 4.5 bits/char (measured 100% recall, 0% high-confidence FP).
  • 04 Built the MCP security interception layer that validates and gates tool execution before LLM-initiated actions reach the file system or external services — enforcement boundary, not policy document. Intercept → Pause → Evaluate → Enforce pipeline operating under a Compromised Context threat model.
  • 05 Designed human-in-the-loop correction model: corrections stored as scoped annotations with timestamps, not global overrides. Prevents contamination of unrelated future outputs and resolves conflicts deterministically (narrower scope wins within applicability window).
  • 06 Drafted the full patent portfolio — Patent 1 (bounded retrieval + Governance Lock), Patent 1 CIP (multi-signal relationship enforcement with Markov decision-chain prediction), Patent 2 provisional (defense-in-depth credential scrubbing) — including §101 Alice arguments, §112 enablement, and OWASP LLM Top 10 (2025) controls mapping across nine categories.
  • 07 Security-first defaults: 100% local storage, zero telemetry, on-device vector index. Develops against a self-hosted inference stack (Ollama on TrueNAS SCALE) using the same MCP protocol it ships to users on Anthropic, Gemini, or OpenAI — backend is swappable, application code is identical. Shipped to VS Code Marketplace October 2025; active paid users in production.
Stack // TypeScript · Node.js · MCP · SQLite · Sentence-BERT (Xenova/all-MiniLM-L6-v2 on ONNX Runtime) · Markov decision-chain · keytar (OS keychain) · multi-LLM (Anthropic / Gemini / Ollama) · VS Code Extension API · CLI
// Project — R-01.02

RedArchives — Tamper-evident digital evidence platform.

  • 01 Designed for environments where evidence must survive adversarial challenge, insider threats, and legal scrutiny over decades. Mission: preserve documentation of war crimes and human rights violations with cryptographic integrity that doesn't depend on trusting the platform operator.
  • 02 Built layered integrity architecture (Artifact Ingestion → Provenance Ledger → Metadata Store → Verification Layer → Presentation Layer) with explicit separation of duties between storage, verification, and presentation.
  • 03 Implemented blockchain-anchored cryptographic fingerprinting at ingestion; fingerprints cover normalized metadata, not just content, preventing semantic rewriting without detection. Designed for algorithm agility and re-verification paths to address long-term cryptographic decay.
  • 04 Modeled explicit adversarial threats: post-hoc tampering, chain-of-custody disputes, insider risk, temporal attacks, selective disclosure, platform trust collapse. Same integrity discipline informs how I design trust-critical AI systems (training data provenance, evaluation artifacts, feedback integrity).
Stack // Next.js · TypeScript · IPFS / libp2p (Helia) · Hyperledger Fabric · Anthropic Claude · Google Vision · Prisma · AWS S3 · FFmpeg · Kubernetes

R-02 · May 2022 – Feb 2026 · St Petersburg, FL · Full-time

Senior IT & Security Systems Specialist

ShineOn

Owner-on-call for production systems in a fast-scaling e-commerce environment.

  • 01 Delivered $85K+ annual savings through SaaS rationalization, vendor consolidation, and lifecycle management. Consolidated access control, cameras, and network into a unified Ubiquiti environment, reducing attack surface.
  • 02 Identified and remediated silent security drift — configuration changes that weakened controls without triggering alerts. Restored posture without service disruption and introduced verification checks to detect future drift.
  • 03 Led incident response and root-cause analysis across endpoints, identity, and network telemetry; investigated suspicious activity using Microsoft Defender and system logs; produced runbooks, post-mortems, and audit-ready evidence.
  • 04 Administered and hardened Windows/Linux endpoints, virtualization, identity, and network infrastructure. Spearheaded company-wide Jira adoption; primary escalation for critical incidents; maintained 99.9% availability.

R-03 · Nov 2021 – Present · Remote · Independent

Penetration Tester (Independent)

Quantum IT

  • 01 Full-scope penetration tests across networks, web applications, cloud infrastructure, and endpoints for SMB/enterprise clients. Tooling: Burp Suite, Nessus, Nmap, Metasploit, SQLMap, Kali Linux, custom scripts.
  • 02 Identified OWASP Top 10 vulnerabilities and high-risk findings (SQLi, XSS, auth bypass, broken authorization, API flaws, lateral movement, privilege escalation). Delivered executive risk reports with CVSS scoring, remediation guidance, and compliance alignment (NIST, ISO, HIPAA).

R-04 · 2003 – Present · Remote · Independent

IT Specialist

Independent Practice

Foundation for the operational instincts that shape my current security and AI platform work.

  • 01 Windows/Linux server administration, Active Directory, Group Policy, virtualization, hybrid cloud (AWS/Azure).
  • 02 Network architecture (VLANs, firewalls, VPNs), system hardening, patch management.
  • 03 Mentorship of junior staff.

§ 04

Core Competencies

  • C-01

    AI Platform & Security

    persistent context and bounded retrieval · semantic retrieval (Sentence-BERT embeddings, ONNX Runtime, cosine similarity) · Markov-chain modeling over decision-tag sequences · MCP tool interception and runtime governance · defense-in-depth credential safety (5-layer scrubbing pipeline) · Memory Amplifier threat model for memory-augmented AI · OWASP LLM Top 10 (2025) controls mapping · self-hosted inference (Ollama on TrueNAS SCALE) · multi-LLM orchestration (Anthropic, Gemini, OpenAI, local) · human-in-the-loop correction without RLHF-style contamination · prompt injection / jailbreak / unsafe tool-use testing

  • C-02

    Security Engineering

    threat modeling (Compromised Context, Memory Amplifier, adversarial input) · offensive security (web/API/cloud, OWASP Top 10, MITRE ATT&CK) · incident response & DFIR · EDR/SIEM (Microsoft Defender) · identity (Entra ID / Azure AD) · tamper-evident system design · provenance, auditability, chain-of-custody · cryptographic fingerprinting and blockchain-anchored integrity

  • C-03

    Software & Infrastructure

    TypeScript, Node.js, Python · Next.js 15 (App Router), Radix UI, Tailwind, ShadCN · VS Code extension architecture, MCP middleware, language servers · Flutter / Dart (cross-platform mobile), BLE protocols, AR wearable SDKs · Prisma, PostgreSQL, Redis, SQLite · IPFS / libp2p, Hyperledger Fabric · AWS, Azure, DigitalOcean, Cloudflare, Docker, Kubernetes, CI/CD · Linux & Windows administration, virtualization, network segmentation · TrueNAS SCALE, self-hosted infrastructure

  • C-04

    Communication & Ownership

    architecture decision records (dogfooded — Continuity logs its own) · patent specification drafting (claim language, §101 Alice analysis, §112 enablement) · technical writing (security threat models, white papers) · runbooks, post-mortems, executive-ready risk reporting · founder-level scoping, vendor management, end-to-end delivery

§ 05

Credentials Index

  • CR-01
    Certified Ethical Hacker (CEH)
    EC-Council
  • CR-02
    Microsoft Cybersecurity Analyst Specialization
    Entra ID · Defender · threat vectors · SC-900 prep
  • CR-03
    ISC2 Cybersecurity Specialization
    2024
  • CR-04
    TryHackMe Leaderboard
    Rank #231 United States · top 2,000 worldwide
  • CR-05
    Captain — Children of Exu
    Huntress CTF · 2023
  • CR-06
    Patent Portfolio (in preparation)
    USPTO · 3 applications: bounded retrieval, relationship enforcement (CIP), defense-in-depth credential scrubbing (provisional)
Verified Credentials // Credly