Sangharsha Upadhyaya (noob6t5)
Security researcher focused on AI/ML Red Teaming, vulnerability discovery, and AI safety research.
I specialize in adversarial testing, deceptive alignment, protocol auditing, and developing offensive & defensive security tools.
"Code is either a tool or a vulnerability, depending on who reads it first."
Status: Actively engaged in Red Teaming, AI Security Research, and responsible disclosure.
Curated collection of responsible disclosures and recognized contributions. (I will try to gather the untracked ones too.)
| Target / Vendor | Vulnerability Type | Reference / Impact |
|---|---|---|
| Draw.io (jgraph/drawio) | Data exfiltration & Stored XSS | CVE-2026-46642 |
| SAP | Account Takeover (ATO) | Security Advisory |
| Substack | OAuth Account Takeover (ATO) | Substack Hall of Fame |
| University of Texas | Information Disclosure | UT Austin Security HoF |
| Private Architecture | 2× Critical Vulnerabilities in Model Files | Responsible private disclosure |
- Temporal Weakening of KL-Regularized Safety Constraints (Part-1 Continued): Formalization of the Temporal Exploitability Limit.
- Detectability Limits of Deceptive Optimization under KL-Regularized Behavioral Constraints (Part 1): Research on deceptive alignment and detectability frontiers.
- Breaking Symmetry in Autonomous Defensive Swarms Under Adversarial Pressure: Simulation framework for swarm coordination and resilience.
- Semantic Retrieval Poisoning in Lightweight RAG Systems: Experimental analysis of retrieval poisoning and downstream instruction propagation in TinyLlama-based RAG pipelines under constrained environments.