I BUILD AI
SYSTEMS THAT
SURVIVE PRODUCTIONTGT LOCK.
I build AI automation and data pipelines that show their work and stay reliable in production. A multi-agent qualifier where two models cross-check each other and abstain when they disagree. An agent that writes SQL and corrects its own errors. A RAG pipeline that measures its retrieval quality before it answers. MCP servers that let an AI assistant query live business data mid-conversation.
Underneath all of it is the data craft that feeds every AI system: web scraping, PDF extraction, and Python pipelines that turn messy sources (websites, PDFs, public records, scattered APIs) into clean, structured data you can actually use.
All of it is public. Every claim on this page links back to its source: the repositories, a live app, published security advisories, a book you can download. Proof, not promise.

RETAIL MANAGEMENT SAAS
A full retail platform: fast point of sale, real-time inventory, integrated financials, a public online catalog, and advanced reports (margin, ABC curve, sales projection). Reads an entire Excel workbook on import. Built, shipped and operated end to end.
6 NA REDE
The official app of a footvolley club in Niterói: training schedule with attendance, balanced doubles draw, win rankings, events and gallery. A Next.js PWA shipped as a native iOS app via Capacitor, one codebase through Apple review, published under my own developer name.

CLIENT MISSIONS SHIP UNDER NDA. DESCRIBED BY OUTCOME, NOT BY NAME. QUOTES FROM PUBLIC REVIEWS OF COMPLETED CONTRACTS.
MARKET INTELLIGENCE PIPELINE
Daily scraping and enrichment for a US real-estate firm. Scheduler running 24/7 on a dedicated VPS, unattended.
His communication was excellent every step of the way.
CONFIG-DRIVEN CLEANSING ENGINE
Data cleansing driven entirely by configuration, backed by automated tests, so rules change without breaking pipelines.
Strong architecture, clear documentation, automated tests.
PROFESSIONAL REGISTRY EXTRACTION
Extraction and validation at scale: 7,010 validated records from a public physician registry, delivered clean and ahead of schedule.
Completed the work ahead of schedule and with accuracy. I would hire him again.
PRINT-VENDOR PRICING APIS
Six print vendors unified behind one pricing interface: a single contract over fragmented sources.
Clear, intelligent communication. Detail oriented.
MEDICAID FORM AUTOMATION
A manual government-form workflow automated end to end: fewer hands, fewer errors.
THE OTHER HALF OF BUILDING SYSTEMS THAT SURVIVE PRODUCTION: FINDING THE CRACKS IN EVERYONE ELSE'S. REAL, EXPLOITABLE, WITH A WORKING PROOF OF CONCEPT. IF THE IMPACT CANNOT BE PROVEN, IT DOES NOT BECOME A REPORT.
Every audit runs the same sequence. Nothing advances on a hunch. The AI-augmented pipeline widens the reach; the judgment of what is real stays with me.
DISCLOSURES
INCL. FRONTIER LABS
EVERY REPORT A REAL FINDING
SECURITY VULNERABILITY · ANTHROPIC
Found and reported a security vulnerability to Anthropic through their official bug bounty program on HackerOne. Reproduced with a working proof of concept, triaged, and awarded a bounty. Reported responsibly before the change reached a released tag.
AUTHORIZATION BYPASS · DIRECTUS
Row-level update permission bypass in Directus: /utils/sort and the GraphQL equivalent wrote attacker-supplied primary keys through raw knex, skipping the row filters. In multi-tenant setups a low-privileged tenant could reorder and corrupt content owned by others. Fixed and disclosed as a published GitHub Security Advisory, with public credit.
SSRF · MCP INSPECTOR
Server-side request forgery in the official Model Context Protocol Inspector: the authenticated /fetch proxy had no IP or hostname allowlist, so a malicious MCP server could pivot the proxy to internal addresses. Fixed and disclosed as a published GitHub Security Advisory, with public credit. Directly in the AI-agent supply-chain surface.
| AR-01 | ANTHROPIC | Arbitrary file read via PR-controlled symlink · CWE-22 · bounty paid | MEDIUM · 5.9 |
| AR-02 | ◆ DIRECTUS | Row-level authorization bypass via raw knex writes · GHSA published | MODERATE · 6.5 |
| AR-03 | ◆ MCP INSPECTOR | Post-auth SSRF via /fetch proxy · no IP allowlist · GHSA published | MODERATE |
| AR-04 | KONG | RCE via script sandbox escape · constructor bypass | ◆ CRITICAL |
| AR-05 | X / xAI | Arbitrary OS command exec via untrusted MCP server config | HIGH |
| AR-06 | VERCEL / NEXT.JS | Middleware auth bypass · incomplete-fix of a prior CVE | HIGH |
| AR-07 | KONG | RCE · trust-grant bypass of the STDIO safety modal | HIGH |
| AR-08 | UNICO IDTECH | Unauthenticated cross-tenant disclosure of ID-verification sessions | HIGH |
| AR-09 | SPOTIFY | Cross-entity authorization bypass via path traversal | MEDIUM |
| AR-10 | MONGODB | Arbitrary file write via path traversal · zip-slip | MEDIUM |
| AR-11 | UNICO IDTECH | Live analytics write-keys disclosed · arbitrary event injection | MEDIUM |
| AR-12 | BANCO PLATA | Unrestricted API key + backend surface via public runtime config | MEDIUM |
| AR-13 | BANCO PLATA | Public S3 bucket listing · 830 objects enumerable | MEDIUM |
ARTIFICIAL INTELLIGENCE IN PRACTICE
A free 84-page handbook on applied AI, written for developers who want to build with LLMs instead of just reading about them. Everything in it was tested by hand: from "what is a token" all the way to a working agent with tools, and what it costs to run.
A decade building data platforms inside one of Latin America's largest credit bureaus and two global consulting firms. On my own time, I ship products people pay for.
I work written-first: scope agreed in writing, decisions documented, delivery you can audit. The proof is on this page: running systems, tests that pass, contracts that closed at five stars.
One transmission is enough: what you need, where the data lives, what done looks like. I reply with questions or a plan, in writing.